The following APIs are available in our production environment

API

Version

PTSB Dynamic Client Registration v1.0
Account and Transactions Open Banking UK v3.1
Payment Initiation Open Banking UK v3.1
Confirmation of Funds Open Banking UK v3.1

Register You Application

To get started with our APIs you will need to register your application using the Dynamic Client Register API and be provided with OAuth 2.0 client credentials. 

 PTSB Dynamic Client Registration API Guide PDF

Production Technical Information 

Please find below key information in relation to our production environment.

 

Endpoints

User Info endpoint: currently PTSB is not supporting the userInfo endpoint.

x-fapi-financial-id

 

The PTSB OBIE Financial ID is 0015800001ZEZ3yAAH

It is optional to provide an x-fapi-interaction-id, however we recommend passing a globally unique x-fapi-interaction-id header to be used as a correlation ID. If no x-fapi-interaction-id header is passed, an ID will be generated by us and returned in our response.

OAuth

We have developed our Security Profile in line with the Open Banking Standards: detailed information including specifications is available on UK Open Bank Security Profile.

  • PTSB are implementing OAuth2.0 “Hybrid flow” as specified by the Open Banking Standards
  • Client Credentials Grant Access Token is valid for 60 minutes
  • AISP - Authorisation Grant Access Token is valid for 90 days
  • PISP - Authorisation Grant Access Token is valid for 60 seconds
Process for signing a payload 

PTSB requires TPP’s to sign their Payment Post requests with their QSealC certificate. The following outlines the steps for signing a payments payload.

Step 1: Identify the Private Key and Corresponding Signing Certificate to be used for Signing.

We require TPP’s to sign their messages with their QSealC certificate. The signing key must be valid at the time of creating the JWS. The TPP’s QSealC certificate which contains the TPP’s public key must be transmitted with the request in the “tpp-signature-certificate” header. 

Step 2: Form the JOSE Header. The JOSE header for the signature must contain the following claims:

a.  alg -

       i. This must be PS256 or ES256.

b.  https://openbanking.org.ul/iat

       i. This must be in the past, a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

c.  https://openbanking.org.uk/iss

      i. This value must match the subject of the signing certificate.

Step 3: Compute the JWS. The signer must compute the signature as a detached JWS.

Step 4: Add the JWS as a HTTP Header. The signer must include an HTTP header called x-jws-signature with its value set to the signature computed in Step 3.

NOTE: All Dynamic Client Registration API response and PISP response messages sent to a TPP will be signed by PTSB’s QSealC certificate. The API response messages sent to the TPP will be accompanied by the “x-jws-signature” in the header. TPPs should use our well-known configuration endpoint and from here they will use the "jwks_uri":" to retrieve the PTSB QSealC Certificate for signature validation.

Alert: Please ensure that there are no trailing spaces or lines at the end of the JWT request body.

 

API Functional Implementation Guidelines

Please find below API functional implementation guidelines.

API

Version

Guide

Account and Transactions Open Banking UK v3.1 AISP functional implementation guide
Payment Initiation Open Banking UK v3.1 PISP functional implementation guide 

 

Note: We currently only support SCA redirect for following AISP requests (unless an exemption applies).

  • Account Access Consents
  • Balances
  • Transactions

 

We are planning to introduce SCA redirect for remainder of the data requests in near future and AISPs will be notified in advance of the change.

Terms of Use

Please read our Terms of Use (pdf, 156KB) before accessing our production APIs.

API Technical Specifications

For further information about our APIs including the API Swagger definitions please enrol on the Developer Portal. The Account and Transactions, Payment Initiation and Confirmation of Funds APIs are developed in line with the Open Banking Standards. 

Sandbox

Please use our Sandbox to test your application’s integration with our suite of API in advance of using the production environment.

TPP Enrolment Form

Use our TPP enrolment Form to request access to our developer portal.

Terms of Use

Please read our Terms of Use before you enrol on the developer portal and use the test sandbox.

Data Privacy Statement

Please read our Data Privacy Statement before you enrol on the developer portal and use the test sandbox.

Back to top
Page loading

Alternate Text