Quick Start Guide - Explore
Get straight to work with tools that help you integrate with our digital systems
This page will help you to:
- Understand the components required to secure a connection
- Explore the Open API Specification
- Understand the various Environments available for testing and implementation of our APIs
On this page
Security Overview
The connection between your application and our Commercial API infrastructure is based on:
- Server side TLS 1.2
- Two-way PKI authentication
- Unique Profile ID and Secret credentials
Your application has three types of mandatory credentials:
- An E2E Trust Token generated with Profile ID for authentication
- A Message Level Encryption for encryption and non-repudiation
- A Digital Signature to certify that only the organisation holding the private key is the one that has signed the payload
You can find further details here - API Security at HSBC.
In our Technical Documentation, you can find detailed guidance on the authentication flows required in the Test and Live environments for specific APIs. Once you have registered your organisation, please use the API catalogue to find the correct documentation.
Open API Specification
OpenAPI Specification (formerly the Swagger Specification) is an API description format for REST APIs. An OpenAPI file allows you to describe your entire API, including:
- Available endpoints (/users) and operations on each endpoint (GET /users, POST /users)
- Operational parameters Input and Output for each operation
- Authentication methods
- Contact information, license and terms of use and other information
You can find more details here - Open API Specification.
Environments
The table below describes the environments that are exposed externally.
| Environment | Sandbox (Mock Response) | Sandbox (Smart Response) | UAT | Production |
|---|---|---|---|---|
| Description |
The Mock sandbox returns a static sample response based on the called end-point. It also supports: Simple scenarios based on the provided header values. Does not require message encryption so you can quickly trial the API response whilst you are preparing your encryption module for use with the smart sandbox. |
The testing interface and authentication flows simulate the production environment enabling you to progress the development and testing of your application.
|
The Production Environment |
|
| Available Environments for APIs | ||||
| Bank Guarantee | Request Sandbox Access |
You’ll need to contact your HSBC Implementation Manager to setup your organization to use our API services on UAT or Production Environment. |
||
| B2B Buy Now Pay Later | ||||
| Receivable Finance | ||||
| Trade Working Capital | Coming Soon | |||
| Import Letters of Credit | ||||
| Import Collection | ||||
| Export Letters of Credit | ||||
| Export Collection | ||||
| Supply Chain Finance | ||||
You can find further details here Using the Sandbox Toolkits.
Quick Start Guide:
Our APIs enable you to access financial solutions and approved customer data - then seamlessly implement them into your products and services.
2. Explore
Get straight to work with technical documents and tools such as Security Schemes, Sample Client and Sandbox Access, etc.
3. Build
Discover our documentation and use a Step-by-step tutorial for your successful implementation.
4. Launch
Transform your business process with HSBC's global network of products and services.