The APIs are made available to TPPs authorized by a local NCA (in Denmark Finanstilsynet) to operate as an AISP, PISP or PIISP under the PSD2 directive. For TPPs registered under a different national CA, they will need to passport their TPP status to operate in Denmark.
Access to production APIs is restricted to TPPs who are fully approved and authorized by their NCA to operate in the relevant roles (AISP, PISP, PIISP) in Denmark. Access to sandbox APIs is available to authorized TPPs as well as TPPs who have submitted their application to a NCA and have their approval pending.
To validate a TPPs authorization and roles, an automated one-time enrollment step is required, The enrollment step is described here
As of 14 March 2019, a limited sandbox with mocked APIs has been made available. The sandbox limited sandbox does not implement the full security model, and it does not enforce any security restrictions. Access to the limited sandbox is enbaled through signuop and subscription at the portal. And while restrictions are not enforced, only TPPs who can document their status are elegible for support.
As of 30 August 2019, the limited sandbox has been replaced by a full sandbox that implements enrollment, security- and SCA flows, and allows a TPP to test full connectivity using real eIDAS certificates. The full sandbox has replaced the limited sandbox and requires a set of eIDAS QWAC+QSEAL certificates similar to production. Production certificates will also give access to sandbox. If TPP does not have production certificates, please contact PSD2 support to discuss the options for using Test certifiates.
As of June 14 2019, full production APIs have been made generally available. Access to production endpoints is restricted to licensed TPPs. The TPP needs to have valid qualified certificates ready (both QWAC and QSEAL, which must be up to date including the specification of TPPs approved roles). It will not be possible to access production endpoints without valid QWAC and QSEAL certificates.