What this API does:
To start interacting with Virgin Money via our Open Banking APIs, register with Open Banking and then use the Dynamic Registration endpoint for each brand.*
This API allows you to be given authorisation credentials to be used to call the Token endpoint.
*For the purposes of testing, our sandbox is a single registration.
If you wish to on-board with us using Dynamic Client Registration, you must be enrolled with Open Banking.
If you are not enrolled with Open Banking and have suitable eIDAS (QWAC/QSEAL) certificates and appropriate permissions from your relevant NCA please email us at OpenBankingResponse@cybg.com with the subject "Manual Registration" and we will process your request.
Endpoint configuration
Sandbox: cb.sandbox-api-nc.cybservices.co.uk/open-banking/v3.0/.well-known/openid-configuration
Production: api.openbanking.virginmoney.com/open-banking/v3.0/.well-known/openid-configuration
This endpoint allows you to retrieve details of the urls required to interact with us (e.g Dynamic Registration).
Sandbox: cb.sandbox-api-nc.cybservices.co.uk/open-banking/v3.2/register
Production: api.openbanking.virginmoney.com/open-banking/v3.2/register
The API endpoint lets you ask Virgin Money to create a new domestic-standing-order-consents resource:
- The POST action tells Virgin Money that a domestic standing order payment consent has been staged. At this point, it does not identify the customer to Virgin Money; the request payload may not contain information about the account to be debited.
- The endpoint lets you send a copy of the consent between the customer and you, to Virgin Money for the customer to authorise.
This endpoint allows you to register with the bank. Pass in the required details to allow yourself to be validated by Virgin Money. Assuming you pass this validation step, you will then be provided with Client Credentials and a Client Secret.
The request will support JOSE as a body/request payload. For the structure of the request JOSE, please refer to Open Banking.
Currently we support only new registration.
Sandbox: api.openbanking.virginmoney.com/open-banking/v3.2/register
Production: api.openbanking.virginmoney.com/open-banking/v3.2/register
The endpoint allows you to update previously registered details with the bank. Pass in the required details to allow yourself to be validated by Virgin Money. Assuming you pass this validation step, your details will be updated.
The request will support JOSE as a body/request payload. For the structure of the request JOSE, please refer to Open Banking.
Before calling the API, you must have an access token issued by Virgin Money using a 'Client Credentials' grant.
Sandbox: api.openbanking.virginmoney.com/open-banking/v3.2/register
Production: api.openbanking.virginmoney.com/open-banking/v3.2/register
The endpoint allows you to delete the registration.
Before calling the API, you must have an access token issued by Virgin Money using 'Client Credentials' grant.
Sandbox: api.openbanking.virginmoney.com/open-banking/v3.2/register
Production: api.openbanking.virginmoney.com/open-banking/v3.2/register/{ClientId}
The endpoint allows you to retrieve registration details from the bank.
Before calling the API, you must have an access token issued by Virgin Money using 'Client Credentials' grant.
API calls
Default
No parameters
Responses
Code | Description |
200 | OK |
Name | Description |
---|---|
body * (body) | |
Content-Type * string (header) | application/jose |
Responses
Code | Description | |||||||||||||||||||||||||||||||||||||||||||||
201 | Created { #/definitions/OBClientRegistration1OBClientRegistration1{
Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
400 | Bad request { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
401 | Unauthorized Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
403 | Forbidden { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
404 | Not found Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
405 | Method Not Allowed Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
406 | Not Acceptable Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
429 | Too Many Requests Headers:
| |||||||||||||||||||||||||||||||||||||||||||||
500 | Internal Server Error { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
|
Name | Description |
---|---|
Authorization * string (header) | Base64 encode(ClientID:ClientSecret) |
body * (body) | |
ClientId * string (path) |
Responses
Code | Description | ||||||||||||||||||||||||||||||||||||||||||
200 | OK { #/definitions/OBClientRegistration1OBClientRegistration1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
400 | Bad request { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
401 | Unauthorized Headers:
| ||||||||||||||||||||||||||||||||||||||||||
403 | Forbidden { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
404 | Not found Headers:
| ||||||||||||||||||||||||||||||||||||||||||
405 | Method Not Allowed Headers:
| ||||||||||||||||||||||||||||||||||||||||||
406 | Not Acceptable Headers:
| ||||||||||||||||||||||||||||||||||||||||||
429 | Too Many Requests Headers:
| ||||||||||||||||||||||||||||||||||||||||||
500 | Internal Server Error { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
|
Name | Description |
---|---|
Authorization * string (header) | Base64 encode(ClientID:ClientSecret) |
ClientId * string (path) |
Responses
Code | Description | |||||||||||||||||||||||||||
204 | No Content | |||||||||||||||||||||||||||
400 | Bad request { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| |||||||||||||||||||||||||||
401 | Unauthorized Headers:
| |||||||||||||||||||||||||||
403 | Forbidden { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| |||||||||||||||||||||||||||
404 | Not found Headers:
| |||||||||||||||||||||||||||
405 | Method Not Allowed Headers:
| |||||||||||||||||||||||||||
406 | Not Acceptable Headers:
| |||||||||||||||||||||||||||
429 | Too Many Requests Headers:
| |||||||||||||||||||||||||||
500 | Internal Server Error { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
|
Name | Description |
---|---|
Authorization * string (header) | Base64 encode(ClientID:ClientSecret) |
ClientId * string (path) |
Responses
Code | Description | ||||||||||||||||||||||||||||||||||||||||||
200 | OK { #/definitions/OBClientRegistration1OBClientRegistration1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
400 | Bad request { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
401 | Unauthorized Headers:
| ||||||||||||||||||||||||||||||||||||||||||
403 | Forbidden { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
| ||||||||||||||||||||||||||||||||||||||||||
404 | Not found Headers:
| ||||||||||||||||||||||||||||||||||||||||||
405 | Method Not Allowed Headers:
| ||||||||||||||||||||||||||||||||||||||||||
406 | Not Acceptable Headers:
| ||||||||||||||||||||||||||||||||||||||||||
429 | Too Many Requests Headers:
| ||||||||||||||||||||||||||||||||||||||||||
500 | Internal Server Error { #/definitions/OBErrorResponse1OBErrorResponse1{
Headers:
|
Models
description: | An array of detail error codes, and messages, and URLs to documentation to help remediation. | ||||||||
Code* | string minLength: 1 maxLength: 40 High level textual error code, to help categorize the errors. | ||||||||
Id | string minLength: 1 maxLength: 40 A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors. | ||||||||
Message* | string minLength: 1 maxLength: 500 Brief Error message, e.g., 'There is something wrong with the request parameters provided' | ||||||||
Errors* | [ minItems: 1#/definitions/OBError1OBError1{
|
ErrorCode* | string minLength: 1 maxLength: 128 Low level textual error code, e.g., UK.OBIE.Field.Missing |
Message* | string minLength: 1 maxLength: 500 A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' |
Path | string minLength: 1 maxLength: 500 Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency |
Url | string URL to help remediate the problem, or provide more information, or to API Reference, or help etc |
iss | string Domain Name |
iat | string Client created information |
exp | string Expired At |
aud | string Client id |
jti | string JTI id in uuid format |
client_id | string Client id in uuid format |
client_secret | string Client_secret in uuid format |
redirect_uris | [string] |
tokenEndpointAuthMethod | string client id in uuid format |
grant_types | [string authorization_code,client_credentials,refresh_token |
responseTypes | [string authorization_code,client_credentials,refresh_token |
software_id | string Software id in UUID format |
scope | string Scope |
softwareStatement | string SoftwareStatementJWT |
applicationType | string ApplicationType |
idTokenSignedResponseAlg | string TokenSignedResponse information |
requestObjectSigningAlg | string RequestObjectSigning information |
tokenEndpointAuthSigningAlg | string Id token Signed Response Information |
Having trouble?
Contact our dedicated team members via our ticketing system or via our support mailbox