Testing in the Sandbox
To support the TPP onboarding we've setup a Sandbox reflective of our production APIs.
You can get started straight away based on the .well-known endpoint but to help we included some guidance below.
well-known endpoint
https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration
Authorization Server
Description | Endpoint |
---|---|
Returns the well known OIDC configuration for the authorization server. | GET: https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration |
Registers a new OAuth client using the details provided in the request body. | POST: https://api-obsbox.capitalone.co.uk:4501/dynamic-client-registration/v3.1/register |
Obtain an OAuth access token. | POST: https://auth-obsbox.capitalone.co.uk:4201/token |
TPPs should redirect PSUs to this endpoint to begin the authentication and authorization process for consent. | GET: https://auth-ui-obsbox.capitalone.co.uk/auth?request={$request}&response_type=code%20id_token&redirect_uri={$redirect_uri}&scope={$scope}&client_id={$client_id}&state={$state} |
Consent Management
Description | Endpoint |
---|---|
Creates a new Account Access Consent to which a customer can consent. The details of the consent (permissions, expiry date/time etc.) are contained in the body of the request. | POST: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents |
Retrieves the Account Access Consent for the specified ConsentId . TPPs can use this endpoint to query the status of an Account Access Consent that they previously created. | GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents/{$ConsentId} |
Deletes the specified Account Access Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP. | DELETE: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents/{$ConsentId} |
Creates a new Funds Confirmation Consent to which a customer can consent. The details of the consent (debtor account, expiry date/time etc.) are contained in the body of the request. | POST: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents |
Retrieves the Funds Confirmation Consent for the specified ConsentId . TPPs can use this endpoint to query the status of a Funds Confirmation Consent that they previously created. | GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents/{$ConsentId} |
Deletes the specified Funds Confirmation Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP. | DELETE: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents/{$ConsentId} |