Open Banking allows for customers' banking data to be safely shared with trusted Third Party Providers (TPPs).
Please refer to the Open Banking website for further details
The developer portal is for software developers of Third Party Providers (TPPs) to provide the information needed to connect to our APIs.
From 23 September 2022 we will be decommissioning the B, CB and YB branded APIs. From this date you will not be able to create or re-authenticate consents or initiate payments under these brands. We will continue to support requests to access AIS and CBPII information for existing consents under these brands until the end of December 2022. All efforts should be made by TPPs to connect to the Virgin Money branded APIs before this time to avoid customer impact.
We allow Dynamic Client Registration providing you have enrolled with Open Banking and uploaded your certificates.
If you are not enrolled with Open Banking and have suitable eIDAS (QSEAL and QWAC) certificates and appropriate permissions from your relevant NCA please email us at OpenBankingResponse@cybg.com with the subject "Manual Registration" and we will process your request
Please email OpenBankingResponse@cybg.com
We will respond to your email query during normal office hours, Monday to Friday 9am to 5pm.
To assist us, please include your Open Banking organisation ID.
Please raise a ticket via our Service-Now portal (if you are registered), raise a ticket via the Open Banking Service Desk (Problem with an ASPSP > Clydesdale Bank) or email OpenBankingResponse@cybg.com.
We will respond to your email query during normal office hours, Monday to Friday 9am to 5pm.
To assist us, please include as much information as possible so we can attempt to replicate your issue including whether the issue is with our merged or standalone APIs.
We support Open Banking OBWAC and OBSeal certificates.
If you are not enrolled with Open Banking and have suitable eIDAS (QSEAL and QWAC) certificates we can accept these once you are manually registered with us.
The Transaction API will return transaction details for any period that the customer provides consent for, and if TransactionFromDateTime and TransactionToDateTime are not specified it will be default to 90 days.
Dynamic registration endpoints expect specific validation headers.
Some of our more frequent issues with Dynamic Registration are:
1) Field 'Aud'- uses the regex function (^[0-9a-zA-Z]{1,18}$) to identify this field and doesn't accept special characters.
2) Field 'Jti'- uses the regex function (^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$) to identify this field and doesn't accept lower case characters.
3) Content Type - should be 'application/jose', not 'application/jwt'.
We do not offer any way for customers to delete their consents. Please ensure you have built this functionality into your application before allowing customers to grant consents.
1) Error code 002 = no client certificate was found in session. Please check your request and try again.
2) Error code 003 = client certificate was found in session but was not QWAC type. Please check your request and try again. This is only possible if you are using an eIDAS certificate.
3) Error code 004 = client certificate was found in session but failed OCSP validation. Please check your request and try again.
Future dated payments can be made up to 365 days in advance.
For a comprehensive list of products available under each API refer to the Accounts List document found at Virgin Money Open Banking Available Accounts v3.3