Onboarding and registration

We recommend that you first discuss your Commercial API requirements with a member of the HSBC Relationship Management or Sales team. Your representative will be able to assist with completing any customer onboarding documentation and can assign a Client Integration contact who will help guide you through the steps required to connect to our APIs.
You can register to use the Commercial APIs via this site, this will allow you to access the API documentation and the test facility that will enable you to complete your integration to our services. In order to use the services in the live environment you must first be onboarded as a customer to HSBC.
Please complete the following steps to register a user, setup an Organisation and create your first App:

1. Please go to the Registration page to set up your account. If you have been pre-registered by our support teams you can skip to adding your additional team members.
2. Complete the forms and activate your account using the link sent via confirmation email.
3. Once registered, please set up an Organisation that represents your company, our team will check your details and confirm your company profile matches the data we hold.
4. The first user to create the Organisation becomes the admin and can add and remove additional team members as required. Please contact our support team if you wish to choose a new admin user.
5. Once you have created your Organisation, you will be able to add an App. The admin user can use Apps to control the Client ID and Secret credentials that are used to connect your applications to our APIs.

Please note, the portal is optimised for use in Chrome, FireFox, Edge and Safari browsers. Whilst Internet Explorer 11 is supported there will be some lost formatting on certain images and loss of dynamic features when viewing the technical documents. Please contact our support team for further information on IE 11 support.

Authentication

The connection between your application and our Commercial API infrastructure is based on server side TLS 1.2, two-way PKI authentication and unique Client ID and Secret credentials. Your application will have three types of mandatory credentials:

1. A Client ID and Client Secret for authentication
2. A Message Level Encryption for encryption and non-repudiation
3. A Digital Signature to certify that only the organisation holding the private key is the one that has signed the payload

You will find detailed guidance on the authentication flows required in the Test and Live environments for the specific APIs that you are using in our Technical Documentation. Please use the API catalogue to find the correct documentation once you have registered your Organisation.

Testing connectivity

Details of how to connect to the Test Environment can be found in the Technical Documentation for the specific APIs that you are using. The Test Environment contains mock data for the purpose of testing API connectivity. We have provided a dataset that represents the different scenarios that will be available in the production API responses. The testing interface and authentication flows have been created to simulate the production environment so you can progress the development and testing of your application. Your Client Integration contact will be available to help resolve any issues found in testing and will complete the final validation ahead of go-live.

Feedback and support

Dive in and start coding your applications using our APIs. If you get stuck or require additional support then please speak to your nominated Client Integration contact or alternatively contact our team using the Support feature that is available under the Community menu for registered users.

Return to top