Introduction
This guide is designed to assist TPP developers in their onboarding, implementation, testing and usage of the Dedicated Interface for the selected ASPSP.
Last updated
This guide is designed to assist TPP developers in their onboarding, implementation, testing and usage of the Dedicated Interface for the selected ASPSP.
Last updated
The UK Open Banking API provides access to financial data for Third Party Provider (TPP) developers and Account Servicing Payment Service Providers (ASPs). This API allows TPPs and ASPSs to securely access customer financial information and initiate payments on their behalf, with their consent. This provides customers with greater control over their financial data and allows for the development of innovative financial services and products. The API is regulated by the UK's Open Banking Implementation Entity (OBIE) to ensure that it meets the necessary security and data protection standards.
Please refer to more details.
TPPs regulated / authorised in the UK must use certificates issued by OBIE. No need to do anything else. Certificates active on the OBIE system can automatically be used with a Dedicated Interface.
Each Dedicated Interface has a published .well-known endpoints file which specifies values such as Supported Tokens and Signing Algorithms.
Each supported environment will have its own .well-known endpoints file.
You can find the .well-known endpoints file URL via the ASPSP's developer portal Home Page (Select the ASPSP HOME tab, then select the relevant API and environment).
You must register your application using DCR (follow the steps below)
Any scopes requested by the TPP must have been authorised by OBIE and must be found in the OBIE issued software statement supplied in the registration request object.
The TPP must use an OB issued (OBWAC) transport certificate for MTLS.
The TPPs registration request object must be signed by an OB issued signing certificate (OBSEAL).
In order to access our Open Banking APIs you need to use Dynamic Client Registration (DCR) and register your application. Doing so will provide you with client credentials that will be used any time the TPP accesses our Authorisation Server.
You can create as many unique Apps as you require. An App is linked to a specific environment, so you must ensure you have selected the correct environment (Production or Sandbox) when creating a software statement with the OB Directory.
For the full registration URL please refer to the registration_endpoint claim found in the .well-known endpoint.
The following list describes the supported claim values for this Dedicated Interface (these are also defined in the .well-known endpoint) :
Claim Type
Supported Value(s)
Response Type(s)
'code id_token'
Grant Type(s)
'authorization_code', 'client_credentials', 'refresh_token'
Scope(s)
'openid', 'accounts', 'payments', 'fundsconfirmations'
ID Token Signing Algorithm
'PS256'
Request Object Signing Algorithm(s)
'PS256'
Token Endpoint Auth Signing Algorithm(s)
'PS256'
After successfully following the above steps, your application will now have been registered with this Dedicated Interface.
To find out how you can start making API requests (including an explanation of our Authentication Flow) follow the steps found in the APIs & Specification tab at the top of this page.
You must have registered as a TPP on the .
The TPP must have a software statement created on the .
For DCR we have implemented the POST /register endpoint as found in v3.2 of the Open Banking .
