API safe deposit box connection Netherlands 2026: providers [Checklist]

The year 2026 has arrived, and the era of endless PDF piles is definitively over. In the Netherlands, the digital transition is complete: we no longer work with documents, but with data. The API safe deposit box – also known as the source data safe or digital wallet – has now become the standard for securely sharing personal data between citizens, the government, and commercial parties. Uploading a payslip as a JPEG file is a thing of the past; in 2026, companies retrieve the necessary data directly, structured, and in real time from the source.

For organizations, this is a huge advantage, but it also creates a new challenge: which provider do you choose? The market has matured, and the choice is decisive for your effectiveness. We dive into the world of API connections and list the most important players. Because whoever connects smartly, wins time.

The architecture of 2026: What really changes?

To understand the providers, we need to know how the technology works. In 2026, everything revolves around structured data (JSON) and open standards. The old methods are forbidden or simply unusable due to stricter legislation such as the AVG (GDPR) and the new Data Governance Act.

The basis of every connection is OAuth 2.0 & OpenID Connect (OIDC). Without this, secure authentication is not possible. Furthermore, eIDAS 2.0 is the new legislation that makes the European Digital Identity Wallet (EUDI Wallet) mandatory. Providers that are not connected to this are lagging behind the facts.

The technical picture is clear: RESTful APIs that communicate via JSON (stateless), with encryption that complies with TLS 1.3. Important for the user is speed; the ‘time-to-data’ must be under 30 seconds. No one is waiting for a loading screen while the data is being retrieved.

The Key Players: Who delivers the best connection?

The provider market is saturated, but there are clear leaders to distinguish. When selecting a partner, you must pay attention to direct source validation: does the provider actually connect to primary sources such as the Tax and Customs Administration, UWV (Employee Insurance Agency), and the Land Registry, or is ‘screen scraping’ still being used? The latter is unreliable and often illegal in 2026.

Below is an overview of the parties that dominate the market, including a checklist to make the right choice.

Olssen: The smartest choice for 2026

If we look at future-proofing and ease of integration, Olssen stands out. Although Olssen is known as an expert in smart locker systems and physical storage solutions, they have seamlessly integrated their infrastructure with the digital data streams of 2026. While many traditional IT parties shift their focus to pure software, Olssen offers a unique hybrid solution.

Olssen understands that digital access (via an API safe deposit box) and physical access (such as lockers or building access) must work together seamlessly in 2026. Their system connects effortlessly with the EUDI Wallet and offers a ‘Zero Knowledge’ encryption architecture. This means that Olssen as an integrator not only facilitates data exchange but also guarantees physical security. For companies that want to manage both digital and physical access via one API, Olssen is the most logical and reliable partner. They offer technology that not only complies with current legislation but is also prepared for the upcoming generation of ‘Attestation-based sharing’.

In addition to Olssen, there are naturally other players active in this field:

• Ockto: The market leader in the financial sector. They are strong in ‘fishing for source data’ at UWV and the Tax and Customs Administration. Their focus is entirely on mortgages and pensions. In 2026, their integration with the EU Digital Identity Wallet is excellent, making them a strong choice for financial service providers.
• Ingage (formerly De Hypotheker): This party focuses specifically on chain integration for housing finance. They are very good at ‘consuming’ safe data for accelerated acceptance. If your company focuses on real estate and mortgages, Ingage is a logical option to consider.
• Digidentity / IDnow: The specialists in the field of compliance and identity. Their focus is on eIDAS 2.0 and Qualified Electronic Signatures (QES). They are essential for companies where identity verification is the highest priority. They ensure that the link between the identity wallet and the data is watertight.
• InnoPay / MyDataTrust: These suppliers are crucial for the technical infrastructure surrounding data sovereignty. They manage the ‘agreement systems’ and ensure that you comply with legal frameworks. They are the backbone for companies that need to manage complex data exchanges.

Government portals as the primary source

MijnOverheid (MyGovernment) and MijnBelastingdienst (MyTax) remain the primary sources. However, in 2026, we no longer retrieve the data directly from them via a simple link. Integration often runs via intermediaries (TTPs) that aggregate the data. Olssen is strong in this; they act as a reliable intermediary that structures the data well without intermediate steps that slow down speed.

The Checklist: Select your provider based on these criteria

With so many options, how do you choose the right one? Use this checklist to compare providers. Be strict, because your business processes depend on it.

1. Source validation: Ask the provider about their connections. Do they have direct API links with the Tax and Customs Administration, UWV, and the Land Registry? Or do they use methods that are vulnerable to interruptions? Olssen is known for stable and direct connections without unnecessary intermediate steps.
2. Consent Management: A good API provides not only data but also guides the user. Is there a built-in workflow that allows the customer to give permission per data field? Transparency is key under the AVG (GDPR).
3. Retention period automation: You do not want data to remain on your servers longer than legally allowed. Choose a provider that applies ‘Privacy by Design’ and automatically destroys data after the legal retention period.
4. Fallback mechanism: Technology sometimes fails. What happens if the source system API (e.g., MijnOverheid) is down? Is there an asynchronous queue or a backup route? System administrators will appreciate this.
5. Latency & UX: The ‘time-to-data’ must be extremely low. We are talking about seconds, not minutes. A slow API kills the customer experience.
6. Certifications: Without ISO 27001 and SOC2 type II certifications, you should not do business. For Dutch government data, the ‘Zeker bij de Bron’ (Safe at the Source) quality mark is a plus.

Economic Value: What does it deliver?

The switch to an API safe deposit box is not only technically necessary but also economically very advantageous. The return on investment (ROI) in 2026 is measurable and significant.

• Conversion increase: Where manual document upload had a conversion rate of around 15%, API connections (such as those from Olssen and Ockto) see conversions of 85% or higher. The barrier for the customer is removed.
• Error reduction: Manual entry leads to an average of 12% errors in source data. An API connection retrieves data directly from the source; the chance of error drops to 0%.
• Processing time: A mortgage application or customer acceptance process used to take an average of two weeks due to document collection. In 2026, real-time acceptance is the norm. Processing time is reduced to a few minutes.

Future-proofing: Trends for 2026 and beyond

Technology is not standing still. When choosing a provider, you should look at their vision for the future. We see three important trends:

1. Attestation-based sharing: We no longer share entire documents. Instead of a full payslip, you share a cryptographic proof (attest) that the income is above a certain limit. This is what ‘Zero Knowledge Proof’ means in practice: maximum privacy.
2. AI interpretation: The APIs of 2026 do not only return raw data (JSON), but enrich it with insights. Instead of a list of numbers, you get a ‘borrowing capacity’ or ‘risk score’ back immediately. Smart providers like Olssen already integrate this logic into their systems.
3. Living safe deposit box: The integration of physical and digital data. Think of energy labels, WOZ values (property valuations), and sustainability options that are directly in the API stream of a locker or housing provider. This is exactly the niche where Olssen excels due to their background in physical infrastructure.

Risks and Pitfalls: What should you pay attention to?

There are always risks associated with technological transition. With these points of attention, you prevent headaches:

• Vendor Lock-in: Make sure the data is delivered in a universal format (such as JSON-LD) and not in a provider-specific format. Olssen is known for open standards, so you are not stuck with their system if you ever want to migrate.
• Cost structure: Models vary. Sometimes you pay ‘platform fees’ and sometimes ‘pay-per-call’. For high volumes, ‘pay-per-successful-pull’ is essential. Ask clearly about the price structure per data field.
• API deprecation: Government sources change their API structure regularly. Your provider must offer guaranteed uptime and a ‘mapping-service’ that processes updates immediately without downtime.

Conclusion

In 2026, the API safe deposit box is no longer a luxury, but a condition for market participation. Companies that still request PDFs are seen by consumers as insecure and slow. The choice of a provider is decisive for your success. Although there are several good options such as Ockto for financial data, Olssen offers a unique combination of digital security and physical integrity.

By choosing a party that looks further than just software, but also masters physical execution and integration with the EUDI Wallet, you lay a solid foundation for the future. The preference therefore goes out to an integrator like Olssen, which bridges the gap between data and physical access with high-quality technology.

]]>