Quick Start Guide

Try out the Open Banking APIs in the Developer Portal

This guide walks you through the WSO2 Open Banking Accelerator Sandbox.

Sign up as an API consumer

  • Click here to create an account in the portal as an API Consumer(TPP/Data Recipient).

Sign up as a bank customer

  • Click here to create an account in the portal as a bank customer.

Sign in as an API consumer

  • Visit the Developer Portal from here.
  • Click the SIGN-IN button.
  • Enter the user credentials for an API Consumer.

  • Once you sign in, you can see the published APIs in the APIs tab. Given below is a brief explanation of all published APIs.

    • Token API: To generate application access tokens and the user access tokens
    • Authorize API: To generate HTTPS requests that will authorize the consent prior to obtaining the authorization code
    • Account and Transaction API: To generate accounts-consents in order to obtain account-related information
    • Dynamic Client Registration API: To create Dynamic Client Registration (DCR) Applications

Try out the flow

This section explains how to complete an entire API flow from creating a DCR application to obtaining account information using an authorized consent.

Register an application

If you already have a Client ID of a registered application in the portal, skip this section.

  • Go to the Dynamic Client Registration API.
  • From the left menu pane, select the Try Out option.
  • Copy the SSA available here.
  • Paste the content copied for the SSA and leave the Software ID input field blank.
  • Then generate the payload.
  • Select the DCR application POST /register call.
  • Paste the previously generated payload as the request body.
  • Click Execute.
  • From the response, copy the Client ID of the application. You can use the same application to try out the flow again.
  • Save the Client ID for future use, as you cannot retrieve this value later.

Obtain an application access token

  • Go to the Token API.
  • From the left menu pane, select the Try Out option.
  • Enter the Client ID of the application and generate an assertion.
  • Select the POST /v1.0.0 call to obtain the access token.
  • Fill in the required fields in the form along with the generated assertion.
  • Set the grant_type to client_credentials and leave the code input field empty.
  • Click Execute.
  • From the response, copy the access token value. This is the application access token.
  • Go to the Account and Transaction API.
  • From the left menu pane, select the Try Out option.
  • In the Security section, enter the application access token obtained in the previous step.
  • Select the POST account-access-consents call.

  • Update the DateTime values in the sample payload to future date and time. Include the below mentioned set of permissions in the Permissions section of the request body to try out all the Account and Transaction APIs.

    "ReadAccountsDetail",

    "ReadTransactionsDetail",

    "ReadBalances"

  • Click Execute.
  • From the response, copy the Consent ID value.
  • Go to the Authorize API.
  • From the left menu pane, select the Try Out option.
  • Fill in the required fields in the form and generate the request object.

  • Use the Client ID of the DCR application created.
  • Use the Consent ID obtained from the previous step.
  • Set the Scopes to accounts openid.

  • Enter the Redirect URL value as

    https://is-sandbox-openbanking.wso2.com/ob/authenticationendpoint/auth_code.do

  • Select the GET call to obtain the HTTP request to authorize the consent.
  • Fill in the required fields in the form along with the request object.

  • Click Execute.
  • Copy the generated Request URL and paste it into a browser.
  • Enter the user credentials of the bank customer to authorize the consent.
  • As 2FA is enabled, obtain the TOTP from the authenticator application through which the QR code was scanned and saved during the initial login.
  • Select the checkboxes of the required accounts and click the Approve button.
  • Copy the authorization code displayed in the UI.

Obtain a user access token

  • Go to the Token API.
  • From the left menu pane, select the Try Out option.
  • Enter the Client ID of the application and generate an assertion.
  • Select the POST call to obtain the access token.
  • Fill in the required fields in the form along with the generated assertion.
  • Click Execute.
  • Set the grant_type to authorization_code.
  • Use the authorization code obtained from the previous step for the code input field.
  • From the response, copy the access token value. This is the user access token.

Retrieve accounts information

  • Go to the Account and Transaction API.
  • From the left menu pane, select the Try Out option.
  • In the Security section, enter the user access token obtained in the previous step.
  • Select the Get Accounts call.
  • Set the Account Id to 1.
  • Click Execute.
  • The response contains account details.

Retrieve an application

  • Follow the Obtain an application access token step and obtain an application access token.
  • Go to the Dynamic Client Registration API.
  • From the left menu pane, select the Try Out option.
  • In the Security section, enter the application access token obtained.
  • Select the DCR application GET /register/{ClientId} call.
  • Enter the Client ID of the application created.
  • Click Execute.
  • The response contains the application details.

Update an application

  • Follow the Obtain an application access token step and obtain an application access token.
  • Go to the Dynamic Client Registration API.
  • From the left menu pane, select the Try Out option.
  • In the Security section, enter the application access token obtained.
  • Follow the Retrieve an application step and obtain the software_id from the response.
  • Copy the SSA available here.
  • Paste the content copied for the SSA and input the Software ID of the application to update which was obtained by retrieving the application details previously.
  • Then generate the payload.
  • Select the DCR application PUT /register/{ClientId} call.
  • Paste the previously generated payload and enter the Client ID of the application created.
  • Click Execute.
  • The response contains the updated application details.

Delete an application

  • Follow the Obtain an application access token step and obtain an application access token.
  • Go to the Dynamic Client Registration API.
  • From the left menu pane, select the Try Out option.
  • In the Security section, enter the application access token obtained.
  • Select the DCR application DELETE /register/{ClientId} call.
  • Enter the Client ID of the application created.
  • Click Execute.
  • The response will be a 204 which confirms that the application was deleted.

WSO2 Open Banking | Copyright © WSO2 LLC. 2022