PSD2 Quick Start Guide

This guide shows how developers can start consuming secured open banking APIs.

STEP 1: Create an Application

  1. Go to the Home page and click Try it to explore APIs.
  2. Sign in if you already have a user account in wso2.com. Otherwise, click Create account.
    1. When you create an account, provide a valid phone number with the country code to complete two-factor authentication (e.g., +44 xxx xxx xxxx for a UK phone number).
    2. Once you have created and verified the user account in wso2.com, use those credentials on the Open Banking login page to sign in.

  3. Click Applications in the left menu to see all Applications.
  4. Click Add Application and give an application name.

STEP 2: Subscribe to APIs

  1. Click APIs in the left menu to see all available APIs.
    These are APIs that can be consumed by PISP/AISP. Some APIs require proper authorization and consumer consent to provide data.
  2. Select an API to see its details.
  3. From the Applications drop-down in the upper right-hand corner of the screen, select the application that you created earlier. If you didn’t create your own application, select DefaultApplication.
  4. Click Subscribe.


  5. To subscribe to more APIs, follow the same steps.

STEP 3: Generate Token

The APIs are secured using the OAuth 2.0 protocol. To call secured APIs, you must submit a valid OAuth 2.0 token with the required authorization levels. Depending on the security requirements, we will use the Authorization Code grant type and the Client Credentials grant type to generate access tokens.

In this guide, the application directs the consumer to the website of the customer’s bank in order to perform authentication, delegate authorization, and get consent for the application to retrieve data or perform a transaction on the consumer’s account.

Let’s authenticate the user and obtain a token.

STEP 3.1: Authentication

  1. Generate Consumer Keys by going to the Sandbox Keys tab on the application details page.


  2. To simulate the scenario where the application redirects the user to the bank’s website, access the URL below using your browser.
    Note: Replace the "YOUR_CLIENT_ID" value of "client_id" with the consumer key generated in the step above.

    1. For PISP (Payment Initiation Service Provider)

      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&client_id=YOUR_CLIENT_ID&redirect_uri=https://openbanking.wso2.com/authorize_callback.do&state=cGlzcDoyMTU2

    2. For AISP (Account Information Service Provider)

      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=accounts&client_id=YOUR_CLIENT_ID&redirect_uri=https://openbanking.wso2.com/authorize_callback.do&state=YWlzcDozMTQ2

  3. When prompted, give the same credentials that you use to log in to wso2.com. This is the first factor of Strong Customer Authentication (SCA).
  4. As the second factor of SCA, give the one-time password (OTP) that we send to your mobile number via SMS. The mobile number is the one that you give at the time you sign up to wso2.com.

STEP 3.2: Authorization and Consent

  1. Once authentication is complete, you are directed to one of the following pages for approval, depending on what category of API you subscribed to earlier:

    1. If the authentication flow is initiated by a PISP (Payment Initiation Service Provider) application (you subscribed to a Payment API), you see the below consent page, which asks for the consumer’s approval to perform the transaction.


    2. If the authentication flow is initiated by an AISP (Account Information Service Provider) application (you subscribed to an Account API), you see the below consent page, which asks for consumer approval to share privileges on the consumer’s data.


  2. Note that you get an authorization code once you have received approval. You can use this code to generate an access token with consented privileges.


  3. Use the cURL command shown below with the authorization code to receive an access token.
    Note: Replace the "YOUR_CLIENT_ID" and "YOUR_CLIENT_SECRET" values with the generated consumer key and secret, and replace the "YOUR_AUTHORIZATION_CODE" value with the code that you received in the step above. The -k option disables TLS certificate verification in cURL; drop it when the endpoint presents a certificate your system trusts.

    curl -v -X POST --basic -u YOUR_CLIENT_ID:YOUR_CLIENT_SECRET -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=YOUR_CLIENT_ID&grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE&redirect_uri=https://openbanking.wso2.com/authorize_callback.do" \
    https://api-openbanking.wso2.com/TokenAPI/v1.0.0/

  4. You are now ready to consume the secured APIs exposed by banks.
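
The two authorization URLs in STEP 3.1 carry fixed sample state values (they base64-decode to pisp:2156 and aisp:3146), which is enough for a browser simulation. The following Python example is added here and is not part of the original guide: it shows an application generating an unpredictable state per request and accepting the authorization code only when the callback echoes that state. The function names and the code/state/error callback parameters (standard OAuth 2.0) are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and callback as given in this guide.
AUTHORIZE_URL = "https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/"
REDIRECT_URI = "https://openbanking.wso2.com/authorize_callback.do"


def new_state():
    """Unpredictable per-request value; keep it in the user's session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, scope, state):
    """scope is 'payments' (PISP) or 'accounts' (AISP), as in STEP 3.1."""
    if scope not in ("payments", "accounts"):
        raise ValueError("unexpected scope")
    query = urlencode({
        "response_type": "code",
        "scope": scope,
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,  # percent-encoded by urlencode
        "state": state,
    })
    return AUTHORIZE_URL + "?" + query


def extract_code(callback_url, expected_state):
    """Return the authorization code only if the callback echoes our state."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this request")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url("YOUR_CLIENT_ID", "payments", state))
    # Constructed callback, shaped like a standard OAuth 2.0 redirect.
    print(extract_code(REDIRECT_URI + "?code=SAMPLE_CODE&state=" + state, state))
```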

STEP 3.3: Client Authentication

  1. Generate Consumer Keys by going to the Sandbox Keys tab on the application details page.
  2. To simulate the scenario where the application consumes the APIs exposed by the bank, try the cURL command below.
    Note: Replace the "BASE64(YOUR_CLIENT_ID:YOUR_CLIENT_SECRET)" text with the base64-encoded "YOUR_CLIENT_ID:YOUR_CLIENT_SECRET" string.

    curl -v -X POST -H "Authorization: Basic BASE64(YOUR_CLIENT_ID:YOUR_CLIENT_SECRET)" -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/

  3. Provide the base64 encoded client id and client secret as shown in the above command.
  4. Note that you get an OAuth2 token to use the application.
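
The token requests from STEP 3.2 and STEP 3.3, as an added Python example that is not part of the original guide: it builds the Basic credential from the consumer key and secret, assembles the form body for either grant, and sends the request with TLS certificate verification left on, unlike the -k flag in the cURL commands. The function names are hypothetical, and a JSON token response (the standard OAuth 2.0 format) is an assumption.

```python
import base64
import json
import ssl
import urllib.request
from urllib.parse import urlencode

# Endpoint and callback as given in this guide.
TOKEN_URL = "https://api-openbanking.wso2.com/TokenAPI/v1.0.0/"
REDIRECT_URI = "https://openbanking.wso2.com/authorize_callback.do"


def basic_auth(client_id, client_secret):
    """Authorization header value: 'Basic ' + base64('id:secret')."""
    pair = (client_id + ":" + client_secret).encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def token_request(client_id, client_secret, code=None):
    """Build the token POST: authorization_code grant when a code is given,
    client_credentials grant otherwise."""
    if code is None:
        form = {"grant_type": "client_credentials"}
    else:
        form = {
            "client_id": client_id,
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": REDIRECT_URI,
        }
    return urllib.request.Request(
        TOKEN_URL,
        data=urlencode(form).encode("ascii"),
        headers={
            "Authorization": basic_auth(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def fetch_token(request):
    """Send the request with certificate and hostname checks enabled
    (the opposite of curl -k); assumes the response body is JSON."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return json.load(resp)
```

Read the consumer key and secret from the environment or a secrets store rather than hard-coding them, since the Basic value is only an encoding of the pair and is reversible by anyone who sees it.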

STEP 4: Consume APIs

The authorization flow changes when providing access to multiple API resources under different security levels. This is based on the role of the API consumer.

STEP 4.1: Consume APIs as a User

  1. Select an API to view its details.
  2. The following steps show how to generate an access token using the Client Credentials grant type:

    Go to the Sandbox Keys tab on the application details page and you'll see the following options:

    1. Grant Types: Authorization Code grant type is used here.
    2. CallBack URL: Keep the default. You receive the authorization code through this URL.
    3. Access token validity period: Keep the default, which is 3600 seconds. This is the period for which the token is valid before it expires and requires regeneration.
    4. Scopes: Select the needed scopes for API subscriptions.

      1. For Accounts Information API, select the scope 'accounts'
      2. For Payments API, select the scope 'payment'

    5. Generate keys: Click this button to generate an access token and a consumer key and secret pair, which you use in token generation API calls.


  3. The following steps show how to generate an access token using the Authorization Code grant type:

    1. Paste the following in your browser

      1. For PISP (Payment Initiation Service Provider)

        https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&client_id=YOUR_CLIENT_ID&redirect_uri=https://openbanking.wso2.com/authorize_callback.do&state=cGlzcDoyMTU2

      2. For AISP (Account Information Service Provider)

        https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=accounts&client_id=YOUR_CLIENT_ID&redirect_uri=https://openbanking.wso2.com/authorize_callback.do&state=YWlzcDozMTQ2

    2. This takes you through the authentication and consent flow. Once successfully completed, an authorization code will be issued.
    3. Copy and paste the authorization code in the below cURL command to generate an access token.

      curl -v -X POST --basic -u YOUR_CLIENT_ID:YOUR_CLIENT_SECRET -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=YOUR_CLIENT_ID&grant_type=authorization_code&code=YOUR_AUTHORIZATION_CODE&redirect_uri=https://openbanking.wso2.com/authorize_callback.do" \
      https://api-openbanking.wso2.com/TokenAPI/v1.0.0/

    4. Use the given access token to consume the APIs that you are subscribed to.

  4. To access the following APIs, use the access token generated above.

    • Account Information API
      1. GET accounts
      2. GET accounts/{accountId}
      3. GET accounts/{accountId}/balance
      4. GET accounts/{accountId}/beneficiaries
      5. GET accounts/{accountId}/standing-orders
      6. GET accounts/{accountId}/transactions
      7. GET accounts/{accountId}/direct-debits
      8. GET accounts/{accountId}/product

    • Payment API
      1. POST payment-initiations
      2. GET payment-initiations

STEP 4.2: Consume APIs as an Application

  1. Select an API to view its details.
  2. Give the access token as shown below to invoke the API.
    The following steps show how to generate an access token using the Client Credentials grant type:

    Go to the Sandbox Keys tab on the application details page and you'll see the following options:

    1. Grant Types: Client Credentials grant type is used here.
    2. Access token validity period: Keep the default, which is 3600 seconds. This is the period for which the token is valid before it expires and requires regeneration.
    3. Scopes: Select the needed scopes for API subscriptions.

      1. For Accounts Information API, select the scope 'accounts'
      2. For Payments API, select the scope 'payment'

    4. Generate keys: Click this button to generate an access token and a consumer key and secret pair, which you use in token generation API calls.


    5. Use the given access token to consume the APIs that you are allowed to consume with the Client Credentials grant type.


  3. Consume the APIs given below with a token that you generated using the Client Credentials grant type.

    1. Account Information API
      1. POST account-initiations
      2. GET account-initiations
      3. DELETE account-initiations

    2. Payment API
      1. POST payment-initiations
      2. GET payment-initiations