FAQs (frequently asked questions)

You can read answers to questions below about:

Developer portal

Developer portal

Third Party Providers (TPPs) can use our developer portal to find all the information you need about our Open Banking APIs, so they can develop and test Open Banking applications. You need a good working knowledge of REST concepts and structures to get the most from them.

We support Open Banking OBWAC and OBSeal certificates.

UK-based TPPs have been unable to use eIDAS certificates since 1 January 2021.

Read more about use of certificates for purposes of identification.

European TPPs are unable to interact with our Open Banking services as TPPs that we work with must be on the FCA register or registered with the Gibraltar Financial Services Commission.

Our sandbox environment is a safe and controlled place to develop and complete end-to-end testing of your APIs without affecting our production services.

It replicates the functionality of our production environment where possible and appropriate. So, you can use the same codebase when you move to using the production environment.

Yes, customers can manage their consents in the 'Open banking connections' dashboard through our online banking services and mobile app.

No, we only require re-authentication:

  • On permissions expiry or end date
  • Each time the customer requests sensitive data via AIS
  • Each time the customer requests to make a payment via PIS or CBPI.

If you’ve checked our help and support pages and you need further support, please let us know by contacting our TPP support team.

Back to the top


We’re operating a manual onboarding process.

You just need to request a secure email account, then send us some documentation, and complete and send our onboarding form.

We’ll then run some checks and onboard you if we have all the information we need.

Read more about how to onboard.

We have help and support information on how to onboard.

If you still need further help onboarding, you can contact our TPP onboarding team.

We need an SSA (Software Statement Assertion) to identify your Open Banking application. To get this:

  • Navigate to the TPPs organisation summary page on the Open Banking Sandbox Directory
  • Click Add new statement in Software Statement section
  • Complete Add New Statement form
  • Upload the CSRs (Certificate Signing Requests) to the OBL website
  • Check if the new software statement has been completed
  • Generate the SSA.

We need digital certificates for transport and signing. To get these:

  • Decrypt the SSA using a tool such as JSON Web Tokens
  • Get the software_jwks_endpoint
  • Use this to download the JWKS files for transport and signing.

To work with us, TPPs need to:

  • Be fully authorised to act as a TPP by the FCA (Financial Conduct Authority) or the Gibraltar Financial Services Commission
  • Be enrolled on the Open Banking Directory
  • Provide proof of this and some other required information
  • Provide an AIS, PIS or CBPI.

Our team will do the necessary checks and once complete, we’ll confirm you as a TPP if your application has been successful.

Yes, you’ll need to follow the onboarding process to set up API services.

Back to the top


Open Banking is when a customer uses a third party app or website to see information about their payment account, or to make payments. They need to agree to share some of their data with the company who provides the service – the third party provider (TPP).

You can read: