Good to Know
Open Payments uses OAuth2 (specifically OIDC) for authentication. In the following guides, we have provided step-by-step instructions on how you will interact with the platform. There are two domains to access - one for handling auth (AUTH_HOST) and one for making the actual calls (API_HOST). The values for these domains depend on whether you want to access the sandbox or production environment — our guides will show production examples to reflect how the API works in a live setting. See domain values for sandbox and production below.
Available AUTH_HOST values
| Environment | URL |
|---|---|
| Sandbox | https://auth.sandbox.openbankingplatform.com |
| Production | https://auth.openbankingplatform.com |
Available API_HOST values
| Environment | URL |
|---|---|
| Sandbox | https://api.sandbox.openbankingplatform.com |
| Production | https://api.openbankingplatform.com |
Postman collection
You can download our Postman Collection,
Postman Environment Settings for Sandbox
and Postman Environment Settings for Production
with ready made API calls and settings for our environments. After importing the Collection and the Environment Settings,
you just need to set the values for variables "clientId", "clientSecret" and "redirectUri" to start using our API.
General notes about requests
Explicit scopes for Private and Corporate contexts
Your requests will operate in either a "private" or a "corporate" context in our platform. This is an abstraction layer provided by our platform so that you need to know less about how specific banks are implementing and separating private/corporate access to account information and payment operations. The context is selected by specifying an additional "private" or "corporate" scope when requesting an access token from our auth endpoint. Our guides show examples in the corporate scope.
X-Request-ID
All calls accept a header called X-Request-ID - this should be set to a newly generated guid. Denoted in the code with [GUID]. If your client is also a platform it would make sense to accept such an ID from the client that calls you. This ID is used to trace requests through our systems. Logging it somewhere together with the request will make troubleshooting much easier.
X-Feature-Flags
X-Feature-Flags is a request header that gives you the flexibility to gradually adopt new functionality and breaking changes at your own pace. By specifying this header in your API requests, you can enable specific features before they become the default behavior, allowing for smoother integration and testing. Below is a list of feature flags on our platform:
| Name | Description | Status | Expected deprecation date |
|---|---|---|---|
new-statuses | Harmonized payment statuses to deliver consistent status values at each stage of the payment process. | Active | TBD (Autumn 2025) |
new-balances | Corrected mapping of balance types to accurately reflect account balance information provided by banks. | Active | TBD (Autumn 2025) |