Testing instructions for stakeholders

Date of issue: 1/26/2023
Record no.: VH/1149/06.00.00/2024
Validity: 1/26/2023 - Until further notice

The instructions were last updated on 14.3.2024. Sections on past schedules and references to the project to establish a Positive credit register have been removed from the instructions. The instructions have also been clarified: for example, unnecessary repetition has been removed and the order of presentation has been changed.

1 Purpose and objectives

These instructions are for operators participating in the Positive credit register’s stakeholder testing. They apply to the first stage of the register rollout, i.e. the reporting and requesting of information on consumer credits and loans comparable to them. The focus in stakeholder testing is on technical APIs. The participants of the stakeholder testing include organisations that report information on loan contracts to the Positive credit register, organisations that use the loan data, credit information companies, and authorities that use the registered data.

The testing allows stakeholders to make sure they are technically capable of reporting and requesting data. When testing the APIs, the stakeholders can also ensure that their own systems and processes work in the appropriate manner. Testing is not required but it is highly recommended. Each stakeholder is responsible for building its own APIs and for ensuring their conformity to law.

The data used in testing may not be connectable to natural persons or their data. Personal identity codes or other data that can be connected to natural persons may not be sent as test data under any circumstances: the test data must always be anonymised.

2 APIs and services to be tested and their addresses

The focus of stakeholder testing is on technical APIs used to report and request data. This chapter lists the APIs and services to be tested by lenders, as well as the addresses of the APIs.

Reporting data:

APIs for reporting data on loan contracts and their addresses (REST)
- New loans: https://api-testi.positiivinenluottotietorekisteri.fi/AddLoans
- Changes to loans: https://api-testi.positiivinenluottotietorekisteri.fi/UpdateLoans
- Payment transactions: https://api-testi.positiivinenluottotietorekisteri.fi/Repayments
- Delayed amounts: https://api-testi.positiivinenluottotietorekisteri.fi/DelayedRepayments
- End of loan contract: https://api-testi.positiivinenluottotietorekisteri.fi/TerminateLoans
Batch status inquiry (REST) https://api-testi.positiivinenluottotietorekisteri.fi/GetBatchStatus
Checking loan data (REST) https://api-testi.positiivinenluottotietorekisteri.fi/GetLoan

Requesting data, lenders:

API for requesting a credit register extract (REST)
- A request for a credit register extract: https://api-testi.positiivinenluottotietorekisteri.fi/GetCreditRegisterExtract

In addition, all organisations participating in testing can test service breaks by sending an API call to https://api-testi.positiivinenluottotietorekisteri.fi/Servicebreak. Calling this address returns the same message as all other APIs during a service break.

3 Support and communication during testing

Testers have been able to communicate with us through the Enter portal. The portal is still in use, but it will be shut down. The last day of use of the portal is 30 April 2024. Because of this, no new users are accepted to the portal. Testers that have already registered for the portal can continue to use it until 30 April 2024. Read the instructions on the use of the Enter portal.

If the tester has not registered for the Enter portal, they can contact us with an online form provided for stakeholder testing.

After Enter is shut down, all testers will use the forms. The forms for stakeholder testing allow users to submit a stakeholder testing start notification, report any observations, technical problems and errors during testing, and contact us on other issues related to testing.

We communicate about current matters on the register's website and, if necessary, on the system information bulletin. Subscribe to the system information bulletin to your email.

The system bulletin will inform you of error situations, service breaks and disruptions in production and in stakeholder testing.

4 Progress of testing

The stakeholder signs up for testing by filling in the stakeholder testing start notification. The stakeholder then receives test IDs and instructions on how to retrieve a testing certificate. The testing certificate is retrieved by the stakeholder's technical contact person. After that, the actual testing of the APIs can begin. The stakeholder reports their observations and any technical problems and errors encountered during testing with the observation form provided for the purposes of stakeholder testing.

The different stages of testing are discussed in greater detail later in these instructions.

You must sign up for testing by completing the stakeholder testing start notification.

When signing up, the stakeholder

accepts the terms and conditions of stakeholder testing
specifies both a testing contact person and a technical contact person
can sign up to test both the reporting of data and the requesting of data.

The start notification will be processed within two weeks. After processing, the person who filled in the notification will receive a testing start package, and the technical contact person for testing will receive the information needed to retrieve a testing certificate.

When a stakeholder signs up for testing, we do not examine whether they are required to submit reports or have the right to use the register’s data. In other words, participation in testing does not guarantee the right to use data at the production stage, for example. Before the rollout of the register, stakeholders sign up to the register as data notifiers and apply for data permissions.

Signing up to the Positive credit register as a data notifier

Instructions for lenders on how to request a data permission

5.1 Testing on behalf of another party

A stakeholder can authorise another party to perform testing on its behalf. This is possible, for example, when the stakeholder has outsourced the technical reporting or the requesting of data to another operator. In that case, the stakeholder required to submit reports or using the data can itself sign up for testing, or the operator performing testing can sign up on behalf of the stakeholder. In connection with signing up, the details of the testing organisation’s technical contact person are given.

5.2 Testing start package

Once the stakeholder’s sign-up request has been processed, the person who filled in the testing start notification and the technical contact person will be provided with the information needed to start testing.

Lenders

Artificial personal IDs
- 100 IDs for the stakeholder’s own use
- 500 IDs for the shared use of all the testing stakeholders. Test customer IDs (Excel file)
Artificial Business ID and name of organisation
One or more testing certificates for the artificial Business ID. The information needed for retrieval will be sent to the technical contact person separately

Authorities

Artificial Business ID and name of organisation
A testing certificate for the artificial Business ID. The information needed to retrieve the certificate will be sent to the technical contact person separately.
Data access profile

Credit information companies

Artificial personal IDs
Artificial Business ID and name of organisation
A testing certificate for the artificial Business ID. The information needed to retrieve the certificate will be sent to the technical contact person separately.
Data access profile

6 Testing certificate

Each stakeholder needs its own testing certificate for testing the API. If the stakeholder intends to test both the reporting and the requesting of data, it needs two different types of certificates, because data notifiers and data users have different certificates. Stakeholders can also request more than one certificate of each type.

The testing certificate is used only in the stakeholder testing environment during stakeholder testing. A different certificate is needed for production use.

The technical contact person receives a secure email message containing the identifiers needed for retrieving the certificate. The message is sent within two weeks after the testing start notification has been submitted. To open the secure email, the technical contact person receives a PIN code by text message. The certificate must be retrieved within 14 days from the receipt of the messages.

Read the instructions on the testing certificate.

7 Testing

The purpose of testing is to ensure that

the data generated by the stakeholder’s information system complies with the requirements, and the stakeholder can report the data to the Positive credit register and check its accuracy in the register
the stakeholder receives correct processing responses to its reports and is able to use them
the stakeholder’s own processes and systems will handle various situations, such as errors, in the desired manner
credit register extracts can be requested and generated, and they contain correct data
data requests sent by authorities and credit information companies are successful
data requested from the register can be used in the stakeholder’s own systems.

Each stakeholder tests the APIs they intend to use during production. In testing, it is advisable to proceed from simple basic cases to more complex test cases, testing all the stages and situations of different processes.

Stakeholders must create relevant test cases for different situations of reporting and requesting data, taking account of changes and errors, as well as their own processes.

We have made demo videos regarding lenders' APIs to support testing. Watch the videos on YouTube.

7.1 Stakeholder testing environment

Stakeholders can test the Positive credit register in the stakeholder testing environment. The stakeholder testing environment is available all the time, with the exception of scheduled service breaks or error situations, which are responded to during office hours.

After the Positive credit register is rolled out to production, the stakeholder testing environment will have a technical implementation and settings corresponding to the production environment. However, if changes or corrections are made to production, they are usually first released to the stakeholder testing environment. This means that the implementation of the stakeholder testing environment may temporarily differ from that of production. On account of the above, stakeholders will have an advance opportunity to test changes that will be introduced to production.

The stakeholder testing environment is shared by all the testing stakeholders, so data reported during testing may also be returned to other stakeholders when the requesting of data is being tested. Stakeholders can also perform joint testing.

7.2 Deviating processing rules of the testing environment

Testing is possible only with such artificial customer IDs that are saved in the register's stakeholder testing environment. Testing with other customer IDs is not possible because no matching information is available in the register.

There are no processing rules related to dates in the stakeholder testing environment that would differ from the production environment.

The date on which the loan contract was concluded (ContractDate) is a required element in the New loans API. This concerns loans that are reported on 1 April 2024 or later. The same date requirement will also be in place in the stakeholder testing environment starting 1 April 2024. This means that the date is optional in the stakeholder testing environment until 31 March 2024.

10.2 Version releases in the testing period

New versions are released to the stakeholder testing environment in accordance with the release schedule, and a delivery report is drafted on the content of each new version. The release causes a service break in the testing environment. The dates and times of the breaks and the published delivery reports are available on the Version releases and delivery reports page.

Subscribers to the system information bulletin will receive information on service breaks, for example, in the stakeholder testing environment by email. Subscribe to the system information bulletin to your email.

10.4 Test data

Artificial test customer IDs are used in testing. The person who filled in the stakeholder testing start notification will receive the IDs after signing up. The end part of the artificial personal ID starts with 9, and no personal IDs of other types can be used in the testing environment.

Some of the test customer IDs are assigned specifically to the stakeholder, while others are in shared use. After signing up for testing, the stakeholder receives a list of the test customer IDs and their properties.

The project has created a range of income and benefit information, loan information, credit bans, and disputes of information for some of the shared test customer IDs. This information is needed for purposes of testing the requesting of credit register extracts. Test customer IDs for shared use (Excel file).

All data delivered to the testing environment is available for other testers using the testing environment. Data submitted to the testing environment when the reporting of data is tested will be utilised when the requesting of data is tested. For example, authorities can request test data submitted by lenders. When stakeholders submit data linked to an artificial personal identity code during testing to the testing environment, they must ensure that the data is artificial or anonymised in accordance with the requirements of the separate anonymisation instructions. The stakeholders are responsible for seeing that the test data they provide is artificial or anonymised. See the instructions on the anonymisation of test data for more information.

The test data submitted to the testing environment cannot be removed, and you should take this into account in your testing plans.

7.5 Stakeholder’s own test IDs

Only IDs that have been added to the testing environment can be used in testing. The stakeholder can add a moderate number of its own test customer IDs to the stakeholder testing environment. A stakeholder wishing to submit its own test customer data must contact us by filling in the contact form for stakeholder testing.

The stakeholder is responsible for seeing that the IDs they provide cannot be connected to natural persons or their data. See the instructions on the anonymisation of test data for more information.

8 Testing observations and reporting

Stakeholders report on their observations with the observation form provided for the purposes of stakeholder testing.

If the tester suspects an error, they can check the delivery report to see whether the error has already been reported. If the error has not been reported previously, you can fill in the observation form. Report the situation in which the error was detected as accurately as possible. You may also add screenshots or other necessary attachments to the form, such as the batch submitted or the response message.

9 Key terms

Anonymisation
Removal or irrevocable alteration of identification information in such a way that the parties cannot be identified. Instructions for the anonymisation of test data.

Stakeholders
The Positive credit register’s stakeholders include all its users, such as parties required to submit reports, users of credit register extracts, credit information companies, authorities and individuals.

Test customer
Artificial company or individual in the stakeholder testing environment with artificial customer ID.

Test data
Data batch used by the tester in the testing environment, containing data on artificial test customers.

Certificate
An electronic identifier used to identify the user.

A test certificate is for the stakeholder testing environment. An access right to and a certificate for the Positive credit register's production API must be requested separately before the rollout.

More terminology in the Positive credit register’s glossary (suomi.fi).

Page last updated 3/13/2024