OIDC API

Version 1.1.5 (Current Version)

What this API does

Open Banking compliant OpenID Connect provider

This API supports OpenID Connect code and hybrid flows as per: https://openid.net/specs/openid-connect-core-1_0.html The documentation on this page is illustrative of the behaviour of the API, but should not be considered binding. Instead, the behaviour of this API is defined in the OpenBanking security profile, which inherits from the FAPI RW specification, which inherits from the OpenID Connect specification, which in turn inherits from OAuth2.0 (https://tools.ietf.org/html/rfc6749).

IMPORTANT In production this API is hosted across two endpoints as the TLS requirements for each of the calls is different. The endpoints should be used as follows:

  • /authorize establishes a one-way TLS connection (acceptable for the PSU's user agent)
  • /token establishes a mutually authenticated TLS connection (required to access Open Banking resources)

The production endpoints are documented in Frequeently Asked Questions

GET

/oauth2/authorize

Sandbox

Copy to clipboard

Production

Copy to clipboard
POST

/oauth2/token

Sandbox

Copy to clipboard

Production

Copy to clipboard

Having trouble?

Contact our dedicated team members via our ticketing system or via our support mailbox

Opens in a new window Contact