Skip to main content

Testing in the Sandbox

To support the TPP onboarding we've setup a Sandbox reflective of our production APIs.

You can get started straight away based on the .well-known endpoint but to help we included some guidance below.

well-known endpoint

https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration

Authorization Server

DescriptionEndpoint
Returns the well known OIDC configuration for the authorization server.GET: https://auth-ui-obsbox.capitalone.co.uk/.well-known/openid-configuration
Registers a new OAuth client using the details provided in the request body.POST: https://api-obsbox.capitalone.co.uk:4501/dynamic-client-registration/v3.1/register
Obtain an OAuth access token.POST: https://auth-obsbox.capitalone.co.uk:4201/token
TPPs should redirect PSUs to this endpoint to begin the authentication and authorization process for consent.GET: https://auth-ui-obsbox.capitalone.co.uk/auth?request={$request}&response_type=code%20id_token&redirect_uri={$redirect_uri}&scope={$scope}&client_id={$client_id}&state={$state}
DescriptionEndpoint
Creates a new Account Access Consent to which a customer can consent. The details of the consent (permissions, expiry date/time etc.) are contained in the body of the request.POST: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents
Retrieves the Account Access Consent for the specified ConsentId. TPPs can use this endpoint to query the status of an Account Access Consent that they previously created.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents/{$ConsentId}
Deletes the specified Account Access Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP.DELETE: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/account-access-consents/{$ConsentId}
Creates a new Funds Confirmation Consent to which a customer can consent. The details of the consent (debtor account, expiry date/time etc.) are contained in the body of the request.POST: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents
Retrieves the Funds Confirmation Consent for the specified ConsentId. TPPs can use this endpoint to query the status of a Funds Confirmation Consent that they previously created.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents/{$ConsentId}
Deletes the specified Funds Confirmation Consent. TPPs should use this endpoint to notify Capital One that a customer has revoked their consent with the TPP.DELETE: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmation-consents/{$ConsentId}

Data Access

DescriptionEndpoint
Allows a TPP to enumerate the accounts for a given consent and obtain the details of those accounts.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts
Retrieves account information for the specified account ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}
Retrieves balance information for all accounts associated with the customer consent granted for the access token presented.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/balances
Retrieves balance information for the specified account ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}/balances
Retrieves statement information for all accounts associated with the customer consent granted for the access token presented.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/statements
Retrieves statement information for the specified account ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}/statements
Retrieves statement information for the specified account ID and statement ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}/statements/{$StatementId}
Retrieves statement transactions information for the specified account ID and statement ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}/statements/{$StatementId}/transactions
Retrieves transaction data for all accounts associated with the customer consent granted for the access token presented.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/transactions?fromBookingDateTime={$fromBookingDateTime}&toBookingDateTime={$toBookingDateTime}
Retrieves transaction data for the specified account ID.GET: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/aisp/accounts/{$AccountId}/transactions?fromBookingDateTime={$fromBookingDateTime}&toBookingDateTime={$toBookingDateTime}
Endpoint to which CBPIIs can submit confirmation of funds requests. The response will indicate whether or not the relevant account has the amount of funds available as specified in the request.POST: https://api-obsbox.capitalone.co.uk:4501/open-banking/v3.1/cbpii/funds-confirmations