Where Siirto sits as of late May 2026
The standalone Siirto app stopped accepting logins on 27 May 2026, two days before this page was last reviewed. Nordea's own customer notice told users to capture their in-app payment history with screenshots before 26 May, and warned that pending requests would be cancelled at sunset. So the "in-app" surface is no longer a live integration target. The data the app held — the conversation-style payment ledger, the open requests, the MSISDN-keyed counterparty book — has moved into Nordea Mobile, with the underlying account flows reachable through Nordea Open Banking's PSD2 endpoints.
The shortest honest summary for an integrator landing here today: stop treating the Siirto app as a programmable surface, and reroute through (a) Nordea Open Banking's AIS API for the account-history side, (b) Nordea Open Banking's Corporate Payments API for the Siirto initiation template that still routes real-time between Nordea and OP, and (c) authorized protocol work on Nordea Mobile and the partner-bank apps for anything the PSD2 surface does not cover. That is the route we would actually take, and the rest of this brief is what it looks like in practice.
Data Siirto holds and where each piece comes from
| Domain | Where it lived in the app | Granularity | What an integrator does with it |
|---|---|---|---|
| Conversation-style payment history | Conversations tab — payments grouped by counterparty, with chat-like messages | Per-message timestamp, amount, free-text note, status (sent, received, settled) | Rebuild a normalised transaction ledger keyed by counterparty rather than account; useful for reconciliation |
| Pending payment requests | Requests inbox | Request id, amount, requestor MSISDN, expiry, message | Drive reminders, mirror open invoices on the integrator's side, cancel on settlement |
| MSISDN-resolved counterparties | Recipient picker | Phone number → resolved Siirto display name | Match phone numbers against known users; this is identity convenience, not a KYC substitute |
| QR merchant payments | Camera flow → confirmation screen | Merchant identifier, amount, receipt id | Capture merchant-acquirer-side receipts for accounting and reconciliation |
| Profile and strong-identification status | Settings | Customer status, app language (English, Finnish or Swedish per the listing), digital parental-approval flag for users under 15 | Surface account state on the integration side; the strong-ID assertion is referenced, not re-used |
| Linked bank routing | Backend tie to Nordea, OP, S-Bank or Ålandsbanken | Bank identifier only — full IBAN not surfaced in the app | Predict settlement shape: Siirto-tagged payments settle real-time only on Nordea↔OP and S-Bank↔S-Bank, otherwise SEPA |
Routes we use to reach it
Nordea Open Banking — regulated PSD2 route
For accounts held at Nordea, the dependable basis is the customer's own PSD2 consent under Finland's Payment Services Act (Act 898/2017). The AIS endpoint set returns account transactions, and the Corporate Payments API carries a Siirto-specific payment template id for real-time initiation. We arrange the AISP / PISP licensing question with the client during onboarding; access onboarding is handled as part of the engagement. Effort moderate, durability strong — this surface is on FIN-FSA's supervisory radar and will outlive any single app.
Authorized interface integration on Nordea Mobile (and the bank-side apps)
Anything that lives in the new Nordea Mobile surface but is not on the PSD2 list — the rebuilt request inbox, conversation grouping, QR receipt formatting — we reach through interface integration and documented protocol analysis on Nordea Mobile against a consenting customer or a sponsor sandbox arranged with Nordea. For partner banks (OP-mobile, S-mobiili, Ålandsbanken Mobiili) the same shape applies on their own surfaces; we scope each separately.
User-consented credential access for historical data
For a customer who wants their own pre-sunset Siirto history pulled together one last time, we run the integration under their explicit consent against the now-frozen surfaces they still have access to (their account-side records on Nordea Open Banking, plus whatever screenshots or exports they captured before 26 May). One-shot extraction, not a recurring sync.
Native export — basically not present
The official guidance from Nordea was "save your transaction history by screenshot before 26 May 2026." That is not a substitute for a real export, and it is one reason most integrators end up on routes one or two. We mention it only so it does not surprise anyone on the customer call.
For most engagements the Nordea Open Banking surface carries the spine of the work and protocol analysis on Nordea Mobile fills the gaps. The user-consented historical route only earns its keep when the brief is genuinely a one-shot pull for one customer.
Four migration jobs this brief plans for
- Merchant checkout cutover. An online store accepted Siirto through Paytrail and now needs to redirect customers to a Nordea Mobile A2A flow before checkout starts breaking. Reconcile the historical Siirto receipts, then cut the flow over.
- Accounting tool, P2P inflow continuity. A bookkeeping product was parsing Siirto-tagged inflows for a small-business customer. We keep the Siirto label visible in the normalised feed, sourced from the bank-side transaction record rather than the (gone) app surface.
- Aggregator, one tax year of read-only history. A consumer aggregator wants the Siirto-tagged transaction labels preserved in its UI long enough to cover the current tax year. Read-only pull from Nordea Open Banking AIS plus any screenshots the customer kept.
- KYC / compliance extract. A compliance team needs the strong-identification proof and audit trail from a now-ending Siirto account. One-shot extract under the customer's own consent.
Deliverables for this build
- OpenAPI specification for the wrapped surface — the AIS pulls, the Siirto initiation template against Nordea's Corporate Payments API, the normalised conversation-style ledger our adapter exposes.
- Protocol and auth-flow report: the OAuth 2.0 authorisation-code flow with Nordea, the detached-JWS request signing, consent-refresh windows, the SCA re-auth points and where they fall in a long-running sync.
- Runnable source in Python or Node.js for the key endpoints — transaction pull, paginated continuation, Siirto-tag filter, idempotent payment initiation with the Siirto template id, error handling for the typical Nordea sandbox responses.
- Automated tests running against the Nordea sandbox, covering the happy path, the consent-expired branch, and the SCT-fallback branch when settlement is not real-time.
- Compliance and retention notes covering FIN-FSA's expectations for AISP logging, data minimisation, and consumer consent records — sized to the engagement, not boilerplate.
Code shape: pulling a Siirto-tagged transaction
Illustrative; the exact field names are confirmed during the build against the current Nordea sandbox release. The Siirto filter is the interesting bit — the underlying transaction is an SCT Inst credit with a Siirto creditor reference, so the rest is conventional AIS pagination.
import requests, time
NORDEA_AIS = "https://api.nordeaopenbanking.com/personal-ais/v5"
def pull_siirto_history(access_token, account_id, since, client_id, sig):
headers = {
"Authorization": f"Bearer {access_token}",
"X-IBM-Client-Id": client_id,
"Signature": sig, # detached JWS over the request
"Accept": "application/json",
}
params = {"from_date": since, "continuation_key": None}
out = []
while True:
r = requests.get(
f"{NORDEA_AIS}/accounts/{account_id}/transactions",
headers=headers, params=params, timeout=15)
r.raise_for_status()
page = r.json()["response"]
for t in page["transactions"]:
# Siirto inflows arrive as SCT Inst with a Siirto creditor
# reference. Merchant QR settlements carry a structured
# reference distinct from peer-to-peer notes.
if (t.get("payment_method") == "INST"
and "SIIRTO" in (t.get("creditor_reference") or "")):
out.append({
"txn_id": t["transaction_id"],
"amount": t["amount"],
"counterparty_msisdn": t.get("debtor_identifier"),
"message": t.get("remittance_information"),
"booked": t["booking_date"],
})
if not page.get("continuation_key"):
return out
params["continuation_key"] = page["continuation_key"]
time.sleep(0.2)
Engineering decisions we lock in early
- The sunset boundary is real and one-directional. We design the integration against the post-27-May Nordea Mobile and Nordea Open Banking surfaces, not the legacy in-app surface. Anything depending on the old Siirto-app screen (the conversation tab as the app rendered it) is reconstructed from the bank-side ledger rather than scraped, because the source is gone.
- The Nordea PSD2 consent-refresh window. We wire the refresh into the sync cycle so a long-running aggregation does not silently expire. The SCA re-auth points are scheduled, surfaced to the calling app, and tested in CI.
- The settlement-shape split. Siirto-tagged transfers between Nordea and OP, and between two S-Bank accounts, settle in real time per Nordea's own description; the same payment between Nordea and S-Bank or Ålandsbanken processes as a normal SEPA credit and arrives the next banking day. We surface that distinction in the normalised data so downstream code does not assume instant settlement.
- The multi-bank participant set. Where data lives at OP, S-Bank or Ålandsbanken, each is a separate Open Banking integration with its own consent and its own surface. We scope the work per participant and only as far as the consent reaches.
- Strong-identification handling. The Finnish online-banking-credential strong-ID assertion shows up in the profile data but is not portable — we reference it on the integration side, never copy it into another system.
Consent and the FIN-FSA framework
The Finnish regulator for this work is Finanssivalvonta (FIN-FSA). PSD2 is transposed into Finnish law through the Payment Services Act amendment (Act 898/2017) and the Payment Institutions Act amendment (Act 890/2017), in force since 13 January 2018 per FIN-FSA's own framework page. FIN-FSA licenses AISPs and PISPs, supervises Strong Customer Authentication, and is the complaints route for consumer-protection issues on PSD2 access. The dependable basis for everything we do here is the customer's own consent under that regime, captured and logged on our side and revocable by the customer; data minimisation and retention are sized to the consent. Where work touches partner-bank surfaces we operate under written customer authorisation arranged during onboarding. NDAs are signed where the project warrants it.
Sources and timing
Reviewed 29 May 2026 by the OpenBanking Studio integration desk. Primary references opened for this brief: Nordea's customer notice for the Siirto-into-Nordea-Mobile migration and the 27 May 2026 retirement date (nordea.fi/en/personal/our-services/online-mobile-services/siirto.html); Nordea Open Banking's own support page on the Siirto API and Corporate Payments (support.nordeaopenbanking.com/.../What-is-Siirto-API); FIN-FSA's PSD2 regulatory-framework page covering Acts 898/2017 and 890/2017 (finanssivalvonta.fi/en/regulation/regulatory-framework/psd2); and the Nordea Open Banking developer portal for current endpoint shapes (developer.nordeaopenbanking.com/docs). Background on the operator history (Automatia, Loomis, 2025 relaunch) cross-checked against FinTech Futures and Wow Works coverage.
Other Finnish and Nordic payment apps in the same space
For context — neutral framing, not a ranking. Each holds adjacent data an integration team often wants to read alongside Siirto.
- MobilePay. The dominant Finnish P2P app by share; transaction history, request inbox, card-linked payments.
- Vipps MobilePay. The consolidated Nordic group formed from Vipps, MobilePay and Pivo; cross-border P2P and merchant flows.
- Pivo. OP Bank's wallet, folded into Vipps MobilePay; ledger, loyalty and payment-method storage.
- Nordea Mobile. The destination surface for Siirto's features after retirement; full Nordea-account banking data.
- OP-mobile. OP Bank's main banking app; OP-side Siirto receipts live here.
- S-mobiili. S-Bank's mobile app; S-Bank-side Siirto inflows live here.
- Ålandsbanken Mobiili. Ålandsbanken's mobile banking app; relevant for the SEPA-fallback Siirto cases.
- Danske Mobile Banking. Danske Bank's Finland app; not a current Siirto participant but holds adjacent A2A history.
- Paytrail. Finnish checkout aggregator that exposed Siirto at the merchant tier; useful when reconciling merchant-side receipts.
- ePassi. Finnish mobile wallet for employee benefits; not Siirto but commonly co-integrated for accounting use cases.
Questions a real integrator brings to this
Now that the standalone app is gone, where does the payment history actually live?
After 27 May 2026 the Siirto experience moved into Nordea Mobile. Per-account transaction history (including the Siirto-tagged real-time credits) is reachable through Nordea Open Banking's AIS API for consenting customers, and through the customer's own bank-side statements. For users who want their own legacy in-app conversation view, the official guidance was to take screenshots before 26 May 2026; anything not captured then is not retrievable from the retired app surface.
Can we still trigger a Siirto-style real-time payment, or does it settle as a normal SEPA transfer now?
Between Nordea and OP, and between two S-Bank accounts, Siirto-tagged payments settle in real time. Across other rails (Nordea to S-Bank, to Ålandsbanken, etc.), the same payment is processed as a regular SEPA credit and typically arrives the next banking day. Nordea Open Banking's Corporate Payments API exposes the Siirto template id for the instant case; we wire the integration to fall back to a plain SCT for the rest.
Which Finnish regulator do we need to talk to for an AIS consent?
Finanssivalvonta (FIN-FSA) is the national competent authority and supervises AISP and PISP licensing under Finland's PSD2 transposition (Act 898/2017 amending the Payment Services Act, in force since 13 January 2018). For Nordea data specifically the access path runs through Nordea Open Banking's PSD2 endpoints; we handle the AISP licensing question with you during onboarding.
What about S-Bank and Ålandsbanken users — are they part of this?
They were Siirto participants for receiving payments. Their account-side data sits on their own banks' Open Banking APIs (separate from Nordea's), so a multi-bank integration is the realistic shape. We scope each connection separately and only as far as the consent and the bank's PSD2 surface support.
At $300 for source-code delivery — paid only after we hand the build over and you have satisfied yourself it works against the agreed Nordea surfaces — most teams take this as a one-off engagement. If recurring use suits you better, call our hosted endpoint instead and pay per call, no upfront fee. Delivery is one to two weeks from the kickoff call. To start, write to us at /contact.html.
App profile — neutral factual recap
Siirto – Digital Cash (package fi.nordea.mep.p2p, per its Play Store listing) is a Finnish real-time mobile payment app whose stated function was to replace cash for small everyday payments: splitting bills, sending allowance, paying at a flea market, paying by merchant QR. Users were strongly identified using Finnish online-banking credentials; the app supported English, Finnish and Swedish; children under 15 could use it with digital parental approval. The app's own description mentions close to a million users. The standalone app was permanently retired on 27 May 2026 per Nordea's customer notice, with the Siirto experience moving into the Nordea Mobile app.