Here are general settings and parameters for all of our APIs.
Consent
Authentication
Errors
Endpoints
Endpoint URLs
Tokens
Certificates
Parameters
Sandbox and production environments
As part of the consent process, you will be redirected to The Co-operative Bank or smile login page, where you can enter the provided PSU credentials. Based on the API request, you will then see the relevant screen after login.
The consent journey can only be tested using our online banking services, not in the mobile app.
Customer authentication is required on our consent page, to get the PSU’s permission to access their resources via the TPP application.
For sandbox journeys where you need to test customer authentication, we provide credentials during onboarding. The sandbox uses stubbed data which mimics the live consent journey.
When connected to a sandbox Open Banking API, you can select account types and generate access tokens to access the sandbox API endpoints in your own environment.
When a PSU completes an Open Banking journey with The Co-operative Bank or smile, they will then be redirected to the TPP.
If there is an error during the journey, the customer will be shown an error screen. When they acknowledge the error, they will then be redirected to the TPP.
There isn’t a timeout in the redirection journey. If a timeout is needed, you will need to set one within your journey.
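Because the redirection journey has no timeout on the bank side, the TPP has to bound it itself. The following is an added example, not code from The Co-operative Bank, showing TPP-side tracking that expires a pending consent and rejects late, replayed or cross-session returns. The `PendingConsents` class, the 15-minute limit, and the use of an OAuth 2.0 `state` value and `error` parameter on the return redirect are assumptions, not details from this page.

```python
import hmac
import secrets
import time

CONSENT_TIMEOUT_SECONDS = 15 * 60  # assumed TPP policy; the page sets no value


class PendingConsents:
    """Tracks redirects sent to the bank and enforces the TPP-side timeout."""

    def __init__(self, timeout=CONSENT_TIMEOUT_SECONDS, clock=time.monotonic):
        self._timeout = timeout
        self._clock = clock
        self._pending = {}  # state -> (session_id, started_at)

    def start(self, session_id):
        """Call just before redirecting the PSU; returns the state to send."""
        state = secrets.token_urlsafe(32)
        self._pending[state] = (session_id, self._clock())
        return state

    def complete(self, state, session_id, error=None):
        """Call when the PSU is redirected back; returns (ok, reason)."""
        entry = self._pending.pop(state, None)  # single use, even on failure
        if entry is None:
            return False, "unknown_or_replayed_state"
        owner, started_at = entry
        # Constant-time comparison of the session that started the journey.
        if not hmac.compare_digest(owner.encode(), session_id.encode()):
            return False, "session_mismatch"
        if self._clock() - started_at > self._timeout:
            return False, "journey_timed_out"
        if error is not None:  # PSU acknowledged an error screen at the bank
            return False, "bank_error:" + error
        return True, "ok"

    def purge_expired(self):
        """Drop journeys the PSU abandoned; returns how many were removed."""
        now = self._clock()
        stale = [s for s, (_, t) in self._pending.items() if now - t > self._timeout]
        for s in stale:
            del self._pending[s]
        return len(stale)
```

Run `purge_expired()` periodically so abandoned journeys do not accumulate, since a PSU who never returns triggers no callback.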
All APIs are secured with TLS mutual authentication, where certificates are signed by the Open Banking directory.
Step-up is 2FA (two-factor authentication) and is only required in AIS journeys where sensitive data is requested, such as transactions over 90 days, standing orders, direct debits or scheduled payments.
You can read the specifications for error codes, error types and HTTP status codes.
Below are our example scenarios, what our response will be and what you need to do.
The authorisation URL journey in the browser uses Open Banking signed certificates. Please add your Open Banking sandbox and production root and issuer certificates to the trust store to avoid any untrusted certificate issues in the browser.
You must make sure your certificates have a minimum of 90 days until their expiry. Please add your renewed certificates to the trust store to ensure this.
You can read about how to use our sandbox environment and production environment.