NAV Navbar

Account Information Services API

API Endpoints

Production: https://integrations.capitalone.co.uk/open-banking/
Sandbox: https://auth-ui-obsbox.capitalone.co.uk/

Scroll down for code samples, example requests and responses. Code samples are written using CURL for clarity.

The Capital One UK Open Banking Interface allows authorised Account Information Service Providers to access account information, including balances and transactions for our customers.

Our implementation follows the UK Open Banking specification, available at www.openbanking.org.uk and to use the interface you must be registered with the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP).

In order to get in contact with The Open Banking team at Capital One UK you can email Capital One Open Banking Support. This is the team that manages access to the Account Information Services API.

You can get started by Testing in the Sandbox.

Well-Known Endpoints

We’ve described the paths of our well-known endpoints for the Sandbox and Production environments below.

Example Sandbox Request

$ curl -X get "https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration" \
    -H "accept: application/json"

Sandbox

GET https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration

Example Production Request

$ curl -X get "https://integrations.capitalone.co.uk/.well-known/openid-configuration" \
    -H "accept: application/json"

Production

GET https://integrations.capitalone.co.uk/.well-known/openid-configuration

Registration

Our interface supports Third Party Provider (TPP) onboarding via Dynamic Client Registration specification as outlined in the OpenBanking documentation. Therefore it is expected that the third party will send a compliant registration request over a valid MTLS connection.

This request MUST have the Content-Type of application/jwt and MUST contain an SSA issued to the third party by OpenBanking. Further to this, supplied redirect_uris MUST match or be a subset of the software_redirect_uris claim in the SSA. Values provided in the request MUST comply with the supported values advertised on the .well-known configuration endpoint.

The authorization server maintains the right to modify any of the values provided in the registration request, as is its prerogative per RFC7591.

All values stored for the client will be returned by the authorization server in the registration response. Therefore, it is imperative that the third party uses the values returned in the response, not the values that it sent in the request.

At this time there no support for Client Management.

POST /oauth/register

Registers a new OAuth client using the details provided in the request body. These values may be discarded or replaced as deemed appropriate by the authorization server.

Any modified values will be replayed to the requester in the JSON response.

See Open Banking Dynamic Client Registration for more details.

Request Arguments

$ curl -X post "https://open-banking.capitalone.co.uk/open-banking/oauth/register" \
    -H "Content-Type: application/jwt" \
    -H "accept: application/json" \
    -d "string"
Parameter Description
requestBody
Required
Details of the client to be created.

Response Arguments

Example 201 Response

{
    "client_id": "string",
    "client_secret": "string",
    "client_secret_expires_at": 0,
    "registration_access_token": "string",
    "registration_client_uri": "string",
    "grant_types": [
        "client_credentials"
    ],
    "redirect_uris": [
        "string"
    ],
    "scope": "string",
    "jwks_uri": "string",
    "response_types": [
        "code id_token"
    ],
    "token_endpoint_auth_method": "client_secret_basic",
    "request_object_signing_alg": "PS256",
    "id_token_signed_response_alg": "PS256",
    "software_on_behalf_of": "string",
    "org_id": "string",
    "org_name": "string"
}
Parameter Description
client_id A unique identifier issued to the newly created client. This should be used by the client to identify itself in future interactions with the authorization server.
client_secret A secret credential to be presented by the client when authenticating iteslf with the authorization server.
client_secret_expires_at Time at which the client secret will expire or 0 if it will never expire.
registration_access_token A bearer token issued to the client that it must present when making future requests to query or otherwise manage its registration with the authorization server.
registration_client_uri The URI to which the client may send future requests to query or otherwise manage its registration with the authorization server.
grant_types The set of grant types registered for the client. A client must be registered with the appropriate grant type if it wishes to make requests to the token endpoint of that type.
redirect_uris The list of redirect URIs that were registered for the client. Any requests made by the client where a redirect URI is required will be validated against this list to ensure that the URI has been pre-registered for the client.
scope A space-separated list of scopes registered for the client.
jwks_uri The URL at which the client’s JWKS is located.
response_types The response types that are registered for the client.
token_endpoint_auth_method The selected method that the client will use to authenticate itself at the token endpoint. Requests made by the client using a method other than the one it is registered to use will be rejected.
request_object_signing_alg The signing algorithm used by the client for signing request objects.
id_token_signed_response_alg The signing algorithm that the authorization server will use for signing the ID Token.
software_on_behalf_of The ‘OnBehalfOf’ value registered for the client

Note: This will appear as part of the customer-facing consent process.
org_id The Open Banking organization ID associated with the client.
org_name The organization name associated with the client.

Note: This will appear as part of the customer-facing consent process.

Consent

In order to retrieve data via our Interface the customer must first have granted consent to each authorised TPP client.

To enable this our interface implements the Open Banking flavour of OAuth 2.0 allowing users to log in to applications without exposing their credentials.

Once granted by the customer, access can then be queried and managed through Consent Management endpoints.

TPPs will need to create an AccountAccessConsent for each customer that they want to access data on behalf of. The details of this request are given in the OpenBanking specification.

The process involves several steps:

  1. Creation of an AccountAccessConsent for each customer that they want to access data on behalf of
  2. Redirect the customer to Capital One to authorise your app
  3. Acquire an access token, and optionally a refresh token

If you were issued a refresh token this can be used to refresh the access token when it expires.

Permissions

Capital One currently support a subset of Account Access Consents permissions. These align with the data endpoints supported by our API implementation. Account Access Consent requests with unsupported permissions will be rejected.

Supported Permissions:

Create Account Request

POST /account-access-consents

Creates a new Account Access Consent to which a customer can consent. The details of the consent (permissions, expiry date/time etc.) are contained in the body of the request.

Successful requests will result in a response containing a ConsentId that the TPP can use to reference the Account Access Consent that has been created.

Request Arguments

$ curl -X post "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents" \
    -H "accept: application/json" \
    -H "Content-Type: application/json" \
    -H 'Authorization: Bearer $accessToken' \
    -d "{\"Data\":{\"Permissions\":[\"ReadAccountsBasic\"]}}"
Parameter Description
accessToken
Required
The access token you were provided.
Permissions
Required
A list of permissions that the TPP is requesting from the PSU. See the Open Banking Specification for full details.

Note: Capital One do not support the full list of permissions listed in the Open Banking Specification. Requests containing any values other than those listed in the above enumeration will be rejected.
ExpirationDateTime The Date/Time at which the consent will no longer be deemed valid.
TransactionFromDateTime The Date/Time from which transactions data will be reported for the PSU in relation to this consent.
TransactionToDateTime The Date/Time up to which transactions data will be reported for the PSU in relation to this consent.
Risk A field that you pass an empty object by default.

Response Arguments

Example 201 Response

{
    "Data": {
        "ConsentId": "string",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2019-11-07T18:28:28.062Z",
        "CreationDateTime": "2019-11-07T18:28:28.062Z",
        "Permissions": [
            "ReadAccountsBasic"
        ],
        "ExpirationDateTime": "2019-11-07T18:28:28.062Z",
        "TransactionFromDateTime": "2019-11-07T18:28:28.062Z",
        "TransactionToDateTime": "2019-11-07T18:28:28.062Z"
    },
    "Risk": {},
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
ConsentId A unique identifier for the consent. This value should be used by the TPP in subsequent requests to reference the consent.
Status The current status of the consent.
StatusUpdateDateTime The Date/Time that the consent was last updated.
CreationDateTime The Date/Time that the consent was created.
Permissions The list of Open Banking TPP permissions that are associated with this consent.
ExpirationDateTime The Date/Time at which the consent will no longer be deemed valid.
TransactionFromDateTime The Date/Time from which transactions data will be reported for the PSU in relation to this consent.
TransactionToDateTime The Date/Time up to which transactions data will be reported for the PSU in relation to this consent.
Self An absolute URL that references this resource.
TotalPages The total number of pages available in the response.

Redirection to Capital One for Customer Authorisation

GET /authorize

TPPs should redirect PSUs to this endpoint to begin the authentication and authorization process for consent.

See the Open Banking Security Profile for detailed information about the parameters to this endpoint.

Request Arguments

$ curl -X get "https://myaccount-data.capitalone.co.uk/authorize?request=$request&response_type=code%20id_token&redirect_uri=$redirect_uri&scope=$scope&client_id=$client_id&state=$state" \
    -H "accept: */*" \
Parameter Description
request
Required
A JWS containing a Request Object as defined in OIDC Core
response_type
Required
The type of response required by the client as defined in OIDC Core
redirect_uri
Required
The URI to which the customer should be redirected at the end of the authorisation flow as defined in OIDC Core. This must match one of the redirect URIs registered by the client via Dynamic Client Registration.
scope
Required
The OAuth scopes being requested by this authorisation as defined in OIDC Core. The requested scopes must be a subset of the scopes registered for the client via Dynamic Client Registration.
client_id
Required
The ID of the client making the authorisation request as defined in OIDC Core.
state State provided by the client as defined in OIDC Core

Response Arguments

Parameter Description
Status: 302 Redirect back to the requested redirect_uri.

This may be the result of a successful authorization or as the result of an error to be communicated to the TPP. In the case of a successful authorization, the redirect URL will contain an authorization code and an ID token in the fragment of the URL.

Authorization Code Exchange

POST /oauth/token

Obtain an OAuth access token

Request Arguments

$ curl -X post "https://open-banking.capitalone.co.uk/open-banking/oauth/token" \
    -H "accept: application/json" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=$grant_type"
Parameter Description
grant_type
Required
The requested grant type as defined in the OAuth specification.
client_id The ID of the client as issued by the authorization server during registration.
client_secret The secret issued to the client as issued by this service during registration.
code The authorization code being submitted (authorization_code grant type only).
refresh_token The refresh token being submitted (refresh_token grant type only).
redirect_uri The redirect URI that was used as part of the authorization flow (authorization_code grant type only). See the OAuth specification for more details.

Response Arguments

Example 200 Response

{
    "access_token": "string",
    "refresh_token": "string",
    "id_token": "string",
    "scope": "string",
    "expires_in": 0,
    "token_type": "Bearer"
}
Parameter Description
access_token
Required
A bearer token issued to the client that it should present when making requests to the resource server.
refresh_token A token issued to the client to allow it to get a new access token by presenting the refresh token as part of a refresh_token grant to the token endpoint of the authorization server.
id_token A token containing claims about the authorization of the end user.
scope
Required
A space-separated list of scopes to which the access token is bound.
expires_in
Required
The number of seconds before the token included in this response expires.
token_type The type of the issued token.

Consent Management

Our interface provides endpoints allowing authorised TPPs to query and manage the status of AIS consents they’ve requested.

All consent endpoints are served over MTLS. Therefore, the TPP must present a valid OpenBanking transport certificate to successfully connect.

Query Account Request

TPPs can query the status of any consent that they own by sending a GET request to /account-access-consents/{ConsentId} with an access token in the Authorization header that was issued by the authorization server in response to a client_credentials grant.

Attempting to access an invalid Consent ID, or one owned by a different client to the one to which the access token was issued, will result in an error response.

GET /account-requests/{$ConsentId}

Retrieves the Account Access Consent for the specified ConsentId. TPPs can use this endpoint to query the status of an Account Access Consent that they previously created.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents/$ConsentId" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
ConsentId
Required
The ID of the Account Access Consent to retrieve.
accessToken
Required
The access token you were provided.

Response Arguments

Example 200 Response

{
    "Data": {
        "ConsentId": "string",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2019-11-07T19:08:46.759Z",
        "CreationDateTime": "2019-11-07T19:08:46.759Z",
        "Permissions": [
            "ReadAccountsBasic"
        ],
        "ExpirationDateTime": "2019-11-07T19:08:46.759Z",
        "TransactionFromDateTime": "2019-11-07T19:08:46.759Z",
        "TransactionToDateTime": "2019-11-07T19:08:46.759Z"
    },
    "Risk": {},
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
ConsentId A uinque identifier for the consent. This value should be used by the TPP in subsequent requests to reference the consent.
Status The current status of the consent.
StatusUpdateDateTime The Date/Time that the consent was last updated.
CreationDateTime The Date/Time that the consent was created.
Permissions The list of Open Banking TPP permissions that are associated with this consent.
ExpirationDateTime The Date/Time at which the consent will no longer be deemed valid.
TransactionFromDateTime The Date/Time from which transactions data will be reported for the PSU in relation to this consent.
TransactionToDateTime The Date/Time up to which transactions data will be reported for the PSU in relation to this consent.
Self An absolute URL that references this resource.
TotalPages The total number of pages available in the response.

Delete Account Request

An authorised TPP may also revoke a given consent by sending a DELETE request to /account-access-consents/{ConsentId} with an access token in the Authorization header that was issued by the authorization server in response to a client_credentials grant.

Attempting to delete a consent ID owned by a different client to the one to which the access token was issued, will result in an error response.

Once deleted by a TPP, access to the customer’s data using tokens issued in relation to this consent will be rejected. The TPP will also no longer be able to query the status of that particular consent, although it will remain visible to the customer from within the Capital One’s account servicing facility for their reference.

Note: Consent can be unilaterally revoked by the customer at any time from within the Capital One account servicing facility. Once this has been done, access to the customer’s data using tokens issued in relation to this consent will be rejected.

TPPs will still be able to query the status of the consent as described above. If the consent has been revoked by the customer, the Status field will be updated to Revoked.

DELETE /account-access-consents/{$ConsentId}

Deletes the specified Account Access Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP.

Request Arguments

$ curl -X delete "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents/$ConsentId" \
    -H "accept: */*" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
ConsentId
Required
The ID of the Account Access Consent to delete
accessToken
Required
The access token you were provided.

Response Arguments

Parameter Description
Status: 204 The specified Account Access Consent was deleted.
Status: 401 The Authorization header was either missing, or its value was not valid (e.g. the token may have expired). A new access token should be obtained via a refresh_token grant to the /token endpoint.
Status: 403 The client does not have access to the specified Account Access Consent

Customers must re-confirm consent to share their data at least every 90 days.

This can be completed by using the existing intent ID in a request to the /authorize endpoint (as per the OBIE specifications).

Data Access

Access to customer data can be obtained by sending requests to our interface Account Information Service (AIS) data endpoints. We provide support for accounts, balances and transactions of the Open Banking Specification 3.1.2

All data endpoints are served over MTLS. Therefore, TPPs must present a valid OpenBanking transport certificate to successfully connect. Each request MUST also include an Authorization header containing the access token issued in response to the authorization_code grant for a given consent.

We do not currently provide pagination on any of the data endpoints. Our interface implements rate-limiting on TPP data requests. Where the customer is not present (as indicated by the absence of a x-fapi-customer-ip-address header) and the rate limit is reached, a 429 response will be returned.

Accounts

Our implementation supports individual and bulk Account requests.

Bulk Accounts Data

GET /accounts

Allows a TPP to enumerate the accounts for a given consent and obtain the details of those accounts.

The consent associated with the presented access token must have been created with either the ReadAccountsBasic or ReadAccountsDetails permissions.

The account details returned will depend on which permission was included in the original consent.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/accounts" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
accessToken
Required
The access token you were provided.

Response Arguments

Example 200 Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "string",
                "Currency": "GBP",
                "AccountType": "Personal",
                "AccountSubType": "CreditCard",
                "Description": "string",
                "Account": {
                    "SchemeName": "UK.OBIE.PAN",
                    "Identification": "string"
                }
            }
        ]
    },
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Currency Capital One accounts are always reported in GBP.
AccountType Although the OpenBanking specification supports values of ‘Personal’ and 'Business’ for this data field, Capital One APIs will only ever report 'Personal’ accounts.
AccountSubType Although the OpenBanking specification supports a number of allowed values for this data field, Capital One APIs will only ever report accounts with a subtype of 'CreditCard’.
Description A textual description of the account.
SchemeName Although the OpenBanking specification supports a number of allowed values for this data field, Capital One APIs will only ever report accounts for the 'UK.OBIE.PAN’ scheme.
Identification A masked version of the Primary Account Number (PAN).

Account Data

GET /accounts/{AccountId}

Retrieves account information for the specified account ID.

The consent associated with the presented access token must have been created with either the ReadAccountsBasic or ReadAccountsDetails permissions.

The level of detail returned in the response will depend on which permission was included in the original consent.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/accounts/$AccountId" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
accessToken
Required
The access token you were provided.
AccountId
Required
The ID of the account to retrieve.

Response Arguments

Example 200 Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "string",
                "Currency": "GBP",
                "AccountType": "Personal",
                "AccountSubType": "CreditCard",
                "Description": "string",
                "Account": {
                    "SchemeName": "UK.OBIE.PAN",
                    "Identification": "string"
                }
            }
        ]
    },
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Currency Capital One accounts are always reported in GBP.
AccountType Although the OpenBanking specification supports values of 'Personal’ and 'Business’ for this data field, Capital One APIs will only ever report 'Personal’ accounts.
AccountSubType Although the OpenBanking specification supports a number of allowed values for this data field, Capital One APIs will only ever report accounts with a subtype of 'CreditCard’.
Description A textual description of the account.
SchemeName Although the OpenBanking specification supports a number of allowed values for this data field, Capital One APIs will only ever report accounts for the 'UK.OBIE.PAN’ scheme.
Identification A masked version of the Primary Account Number (PAN).

Balances

Our implementation supports individual and bulk Balances requests.

Bulk Balances Data

GET /balances

Retrieves balance information for all accounts associated with the customer consent granted for the access token presented.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/balances" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
accessToken
Required
The access token you were provided.

Response Arguments

Example 200 Response

{
    "Data": {
        "Balance": [
        {
            "AccountId": "string",
            "Amount": {
                "Amount": "string",
                "Currency": "string"
            },
            "CreditDebitIndicator": "Credit",
            "Type": "OpeningBooked",
            "DateTime": "string",
            "CreditLine": {
                "Included": true,
                "Type": "Credit",
                "Amount": {
                    "Amount": "string",
                    "Currency": "string"
                }
            }
        }
        ]
  },
  "Links": {
    "Self": "string"
  },
  "Meta": {
    "TotalPages": 1
  }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Amount A numeric value indicating the current balance for the account.
Currency The currency in which the balance value is being reported.
CreditDebitIndicator An indicator as to whether the account balance is in credit or debit.
Type Balance type, in a coded form. Capital One will only ever report OpeningBooked.
DateTime The Date/Time of the balance.
Included Indicates whether or not the credit line is included in the balance of the account.
Type The type of the credit limit.
Amount A numeric value indicating the monetary units to describe the credit line.
Currency The currency in which the credit line amount is being reported.

Balance Data

GET /accounts/{AccountId}/balances

Retrieves balance information for the specified account ID.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/accounts/$accountId/balances" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
accessToken
Required
The access token you were provided.
AccountId
Required
The ID of the account for which to retrieve balance information.

Response Arguments

Example 200 Response

{
    "Data": {
        "Balance": [
        {
            "AccountId": "string",
            "Amount": {
                "Amount": "string",
                "Currency": "string"
            },
            "CreditDebitIndicator": "Credit",
            "Type": "OpeningBooked",
            "DateTime": "string",
            "CreditLine": {
                "Included": true,
                "Type": "Credit",
                "Amount": {
                    "Amount": "string",
                    "Currency": "string"
                }
            }
        }
        ]
  },
  "Links": {
    "Self": "string"
  },
  "Meta": {
    "TotalPages": 1
  }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Amount A numeric value indicating the current balance for the account.
Currency The currency in which the balance value is being reported.
CreditDebitIndicator An indicator as to whether the account balance is in credit or debit.
Type Balance type, in a coded form. Capital One will only ever report OpeningBooked.
DateTime The Date/Time of the balance.
Included Indicates whether or not the credit line is included in the balance of the account.
Type The type of the credit limit.
Amount A numeric value indicating the monetary units to describe the credit line.
Currency The currency in which the credit line amount is being reported.

Transactions

Our implementation supports individual and bulk Transaction requests.

To use the transactions endpoint the associated consent needs to have either the ReadTransactionsBasic or ReadTransactionsDetail permissions.

You’ll only be able to fetch transactions that were made in the range defined by TransactionFromDateTime and TransactionToDateTime in your consent.

Responses from the transactions data endpoint do not include the FirstAvailableDateTime and LastAvailableDateTime Meta fields.

Transaction amounts can change after the transaction is first created, and you can use the Status field to help identify transactions that are still pending.

Bulk Transactions Data

GET /transactions

Retrieves transaction data for all accounts associated with the customer consent granted for the access token presented.

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/transactions?fromBookingDateTime=$fromBookingDate&toBookingDateTime=$toBookingDate" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
accessToken
Required
The access token you were provided.
fromBookingDateTime A filtering parameter to restrict the returned transaction data. Only transactions booked after the specified time will be returned in the response.

Note: Transactions may be further restricted based upon the TransactionFromDateTime specified in the consent agreed with the customer. You will need to provide the start and end times in RFC3339 format.
toBookingDateTime A filtering parameter to restrict the returned transaction data. Only transactions booked before the specified time will be returned in the response.

Note: Transactions may be further restricted based upon the TransactionToDateTime specified in the consent agreed with the customer. You will need to provide the start and end times in RFC3339 format.

Response Arguments

Example 200 Response

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "string",
                "Amount": {
                    "Amount": "string",
                    "Currency": "string"
                },
                "CreditDebitIndicator": "string",
                "Status": "Booked",
                "BookingDateTime": "string",
                "AddressLine": "string",
                "MerchantDetails": {
                    "MerchantName": "string"
                }
            }
        ]
    },
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Amount A numeric value indicating the monetary units for the transaction.
Currency The currency in which the transaction amount is being reported.
CreditDebitIndicator Indicator of whether the transaction was a credit or debit.
Status The status of the transaction.
BookingDateTime The Date/Time that the transaction was booked against the account.
AddressLine Information that locates and identifies a specific address for the transaction entry.
MerchantName The name of the merchant involved in the transaction.

Transactions Data

GET /accounts/{AccountId}/transactions

Retrieves transaction data for the specified account ID

Request Arguments

$ curl -X get "https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp/accounts/$accountId/transactions?fromBookingDateTime=$fromBookingDate&toBookingDateTime=$toBookingDate" \
    -H "accept: application/json" \
    -H 'Authorization: Bearer $accessToken'
Parameter Description
AccountId
Required
The ID of the account for which to retrieve balance information.
accessToken
Required
The access token you were provided.
fromBookingDateTime A filtering parameter to restrict the returned transaction data. Only transactions booked after the specified time will be returned in the response.

Note: Transactions may be further restricted based upon the TransactionFromDateTime specified in the consent agreed with the customer.
toBookingDateTime A filtering parameter to restrict the returned transaction data. Only transactions booked before the specified time will be returned in the response.

Note: Transactions may be further restricted based upon the TransactionToDateTime specified in the consent agreed with the customer.

Response Arguments

Example 200 Response

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "string",
                "Amount": {
                    "Amount": "string",
                    "Currency": "string"
                },
                "CreditDebitIndicator": "string",
                "Status": "Booked",
                "BookingDateTime": "string",
                "AddressLine": "string",
                "MerchantDetails": {
                    "MerchantName": "string"
                }
            }
        ]
    },
    "Links": {
        "Self": "string"
    },
    "Meta": {
        "TotalPages": 1
    }
}
Parameter Description
AccountId An identifier for the customer account. This is guaranteed to be unique and persistent for a given ConsentId.
Amount A numeric value indicating the monetary units for the transaction.
Currency The currency in which the transaction amount is being reported.
CreditDebitIndicator Indicator of whether the transaction was a credit or debit.
Status The status of the transaction.
BookingDateTime The Date/Time that the transaction was booked against the account.
AddressLine Information that locates and identifies a specific address for the transaction entry.
MerchantName The name of the merchant involved in the transaction.

Testing in the Sandbox

well-known endpoint

https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration

To support the TPP onboarding we’ve setup a Sandbox reflective of our production APIs.

You can get started straight away based on the .well-known endpoint but to help we included some guidance below.

Authorization Server

Description Endpoint
Returns the well known OIDC configuration for the authorization server. GET: https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration
Registers a new OAuth client using the details provided in the request body. POST: https://api-obsbox.capitalone.co.uk:4501/dynamic-client-registration/v3.1/register
Obtain an OAuth access token. POST: https://auth-obsbox.capitalone.co.uk:4201/token
TPPs should redirect PSUs to this endpoint to begin the authentication and authorization process for consent. GET: https://auth-ui-obsbox.capitalone.co.uk/auth?request={$request}&response_type=code%20id_token&redirect_uri={$redirect_uri}&scope={$scope}&client_id={$client_id}&state={$state}
Description Endpoint
Creates a new Account Access Consent to which a customer can consent. The details of the consent (permissions, expiry date/time etc.) are contained in the body of the request. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents
Retrieves the Account Access Consent for the specified ConsentId. TPPs can use this endpoint to query the status of an Account Access Consent that they previously created. POST: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents/{$ConsentId}
Deletes the specified Account Access Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP. DELETE: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/account-access-consents/{$ConsentId}

Data Access

Description Endpoint
Allows a TPP to enumerate the accounts for a given consent and obtain the details of those accounts. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/accounts
Retrieves account information for the specified account ID. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/accounts/{$AccountId}
Retrieves balance information for all accounts associated with the customer consent granted for the access token presented. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/balances
Retrieves balance information for the specified account ID. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/accounts/{$AccountId}/balances
Retrieves transaction data for all accounts associated with the customer consent granted for the access token presented. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/transactions?fromBookingDateTime={$fromBookingDateTime}&toBookingDateTime={$toBookingDateTime}
Retrieves transaction data for the specified account ID. GET: https://api-obsbox.capitalone.co.uk/open-banking/v3.1/aisp/accounts/{$AccountId}/transactions?fromBookingDateTime={$fromBookingDateTime}&toBookingDateTime={$toBookingDateTime}