Welcome to develop.hsbc

This short guide gets you started with our APIs and helps you to begin integrating your applications with our services. First, let's check that you are in the right place:

Onboarding and registration

We recommend that you first discuss your Commercial API requirements with a member of the HSBC Relationship Management or Sales team. Your representative is able to assist with completing any customer onboarding documentation and can assign a Client Integration contact to help guide you through the steps required to connect to our APIs.

You can register to use the Commercial APIs via this site. Registration allows you to access the API documentation and the test facility, enabling you to complete your integration to our services. In order to use the services in the live environment you must first be onboarded as a customer to HSBC.

Please complete the following steps to register a user, setup an Organisation and create your first App:

1. Please go to the Registration page to set up your account. If you are pre-registered by our support teams you can skip straight to adding your additional team members.
2. Complete the forms and activate your account using the link sent via the confirmation email.
3. Once registered, please set up an Organisation that represents your company, our team will check your details and confirm that your company profile matches the data we hold.
4. The first user to create the Organisation becomes the admin and can add and remove additional team members as required. Please contact our support team if you wish to choose a new admin user.
5. Once you have created your Organisation, you can add an App. The admin user can use Apps to control the Client ID and Secret credentials that are used to connect your applications to our APIs.

Please note, the portal is optimised for use in Chrome, FireFox, Edge and Safari browsers. Whilst Internet Explorer 11 is supported there will be some lost formatting on certain images and loss of dynamic features when viewing the technical documents. Please contact our support team for further information on IE 11 support.

Authentication

The connection between your application and our Commercial API infrastructure is based on server side TLS 1.2, two-way PKI authentication and unique Client ID and Secret credentials. Your application will have three types of mandatory credentials:

1. A Client ID and Client Secret for authentication
2. A Message Level Encryption for encryption and non-repudiation
3. A Digital Signature to certify that only the organisation holding the private key is the one that has signed the payload

In our Technical Documentation, you can find detailed guidance on the authentication flows required in the Test and Live environments for specific APIs. Once you have registered your Organisation, please use the API catalogue to find the correct documentation.

Testing connectivity

For the specific APIs that you are using, details on how to connect to the Test Environment can be found in the Technical Documentation. In order to test API connectivity, the Test Environment contains mock data; we provide a dataset that represents the different scenarios that are available in the production API responses. The testing interface and authentication flows simulate the production environment so you can progress the development and testing of your application. Your Client Integration contact is available to help resolve any issues found in testing and to complete the final validation ahead of go-live.

Feedback and support

Dive in and start coding your applications using our APIs. If you get stuck or require additional support then please speak to your nominated Client Integration contact or alternatively contact our team using the Support feature that is available under the Community menu for registered users.