This documentation is for WSO2 Open Banking version 1.5.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

Before you begin:

Deploy the Dynamic Client Registration (DCR) v3.2 API.

  Click here to see how to deploy the DCR API v3.2
  1. Sign in to the API Publisher ( https://<WSO2_OB_APIM_HOST>:9443/publisher) with creator/publisher privileges.
  2. Click ADD NEW API.
  3. Select I Have an Existing API option.
  4. Select the Swagger File option and browse for the Swagger definition by clicking the Browse button.
    Use the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/DynamicClientRegistration/3.2/dynamic-client-registration-swagger.yaml file to configure the properties according to the open-banking specification. 
  5. You are directed to the Design API stage. Design General Details are loaded for you in the Design tab.
  6. Click Next: Implement to navigate to the next level.
  7. Expand Managed API and set Endpoint Type by selecting Dynamic Endpoint from the drop-down list.
  8. Under Message Mediation Policies, check Select a message mediation policy to be executed in the message flow.
  9. Uploading the In flow:

    Open the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/DynamicClientRegistration/3.2/dcr-dynamic-endpoint-insequence-3.2.xml In sequence file using a text editor. Replace  <WSO2_OB_APIM_HOSTNAME>  with the hostname of your WSO2 Open Banking API Manager server and save the changes.

    <header name="To" value="https://<WSO2_OB_APIM_HOSTNAME>:9443/ob-dynamic-client-registration" />

    Click  Upload In Flow  and upload the modified  dcr-dynamic-endpoint-insequence-3.2.xml In sequence file.

  10. Click Next: Manage to navigate to the next level.
  11. Under Subscription Tiers, check the option Unlimited : Allows unlimited requests unless you want to limit the requests. 
  12. Expand API Properties and add the following as Additional properties and click the + button to proceed.

    Property NameProperty Value
    ob-specuk
    ob-api-typedcr
    ob-api-version3.2


  13. Click Save & Publish.

  14. The published DCR v3.2 API is available in the API Store.


According to the OBIE, the Account Servicing Payment Service Providers (ASPSPs) need to make sure that the TPPs can be registered in a seamless and ideally, a fully automated process. In order to avoid any obstacles that may occur, the OBIE requires the ASPSPs to provide the TPP responses real-time once the registration is processed. The Dynamic Client Registration (DCR) endpoint is capable of dynamically registering the clients with the ASPSP when the client sends a registration request with its metadata. This results in a registration response that includes a client identifier and the client metadata values registered for the client.

You can find the REST API documentation for Dynamic Client Registration v3.2 here.


This document explains how to utilize Dynamic Client Registration with WSO2 Open Banking.  


Configuring dynamic client registration

Follow the steps below to configure the DCR API v3.2 in WSO2 Open Banking.

Uploading certificate to the client trust store

The ASPSP can upload the OB root and issuer certificates found in the below mentioned locations to the client trust store of both WSO2 API Manager (WSO2 OB APIM) and Key Manager (WSO2 OB KM).

The client trust stores are located in the WSO2 OB APIM and WSO2 OB KM servers in the following locations respectively:

  • <WSO2_OB_APIM_HOME>/repository/resources/security/client-truststore.jks
  • <WSO2_OB_KM_HOME>/repository/resources/security/client-truststore.jks

Use the following commands to add the certificate to the client trust store:

Add root certificate
keytool -import -alias obroot -file <OB_ROOT_CERT> -keystore client-truststore.jks -storepass wso2carbon
Add issuer certificate
keytool -import -alias obissuer -file <OB_ISSUING_CERT> -keystore client-truststore.jks -storepass wso2carbon

Updating open-banking.xml

Make sure to configure the following parameters under the  <DCR>  element in  <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
<DCR>
	<TokenAuthentication>
		<Method>private_key_jwt</Method>
		<Method>tls_client_auth</Method>
	</TokenAuthentication>
	<ConnectionTimeout>0</ConnectionTimeout>
	<ReadTimeout>0</ReadTimeout>
	<EnableURIValidation>false</EnableURIValidation>
	<EnableHostNameValidation>false</EnableHostNameValidation>
	<UseSoftwareIdAsApplicationName>true</UseSoftwareIdAsApplicationName>
	<JwksUrlSandbox>https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks</JwksUrlSandbox>
	<JwksUrlProduction>https://keystore.openbanking.org.uk/keystore/openbanking.jwks</JwksUrlProduction>
</DCR>


 Click here to see the parameter descriptions for the above-mentioned parameters...
  • <TokenAuthentication>: The supported authentication methods for the token endpoint. Possible values are  private_key_jwt  and  tls_client_auth   .
  • <ConnectionTimeout>  and  <ReadTimeout>: The time out values when connecting to the JWKS endpoint of the Open Banking directory to retrieve the JSON web keys related to the TPP.
  • <EndPointURL>: The endpoint URLs to access the REST APIs of the API Manager in order to create the application and service provider, and generate keys for the application.
  • <EnableURIValidation>: If  true, validate the policy, client, terms of service, and logo URIs.
  • <EnableHostNameValidation>:  True  or  false  can be set as values to check the hostname of policy, client, terms of service, and logo URIs against the hostname of redirect URI.
  • <APISubscriptions>: Specify the context of the APIs that need to subscribe when the TPP registers through DCR. 
  • <UseSoftwareIdAsApplicationName>: Set the    <UseSoftwareIdAsApplicationName>    to    true    to use    SoftwareID    in SSA as the name of the application.

In the API Store, you can display both name and ID of the application if you have enabled UseSoftwareIdAsApplicationName feature.


Updating identity.xml

To display the DCR endpoint in OpenID Connect Discovery (https://<WSO2_OB_KM_HOST>:8243/.well-known/openid-configuration) :

  • Open the <WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml file. 
  • Update the value of the  <OAuth2DCREPUrl>  property with the DCR endpoint.  

<OAuth2DCREPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register</OAuth2DCREPUrl>

Updating api-manager.xml

To store any properties retrieved from the SSA, add the server-level configuration to the <OB_AM_HOME>/repository/conf/api-manager.xml file as explainedhere . Update the <ApplicationConfiguration> at the end of the file within the <APIManager> element. 

For example, if you want to store software_client_id retrieved from the SSA created in the sandbox environment, the property name should look like: software_client_id_sandbox. Similarly, to store the software_client_id retrieved from the SSA created in a production environment, the property name should be: software_client_id_production. Make sure you add these properties as false, as required.

In addition to these, include software_jwks_endpoint in the SSA. This is required to obtain an application access token. 

 Click here to see api-manager.xml configurations

<ApplicationConfiguration>
	<ApplicationAttributes>
		<Attribute required="true">
			<Name>Regulatory Compliance</Name>
			<Description>Regulatory Compliance</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_id_sandbox</Name>
			<Description>Software ID of the sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_id_production</Name>
			<Description>Software ID of the production</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_roles_sandbox</Name>
			<Description>Software roles of the sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_roles_production</Name>
			<Description>Software roles of the production</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_jwks_endpoint_sandbox</Name>
			<Description>JWKS endpoint of sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_jwks_endpoint_production</Name>
			<Description>JWKS endpoint of production</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_on_behalf_of_org_sandbox</Name>
			<Description>Software on behalf of org of sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>ssoftware_on_behalf_of_org_production</Name>
			<Description>Software on behalf of org of production</Description>
		</Attribute>
		<Attribute required="false">
			<Name>org_name_sandbox</Name>
			<Description>Org name of the sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>org_name_production</Name>
			<Description>Org name of the production</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_client_name_sandbox</Name>
			<Description>Software client name of the sandbox</Description>
		</Attribute>
		<Attribute required="false">
			<Name>software_client_name_production</Name>
			<Description>Software client name of the production</Description>
		</Attribute>
	</ApplicationAttributes>
</ApplicationConfiguration>

  • To store the application authority of the SSA, add the following configurations under the <ApplicationAttributes> tag:

    This is available only as a WUM update and is effective from April 26, 2021 (04-26-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

    <Attribute required="true">
    	<Name>application authority</Name>
    	<Description>application authority</Description>
    </Attribute>



Registering TPPs with self-signed certificates

WSO2 Open Banking has the ability to register TPPs using self-signed certificates that are not issued by the OB directory.

This is available only as a WUM update and is effective from April 26, 2021 (04-26-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

  • Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml file.
    • To enable the feature and accept self-signed SSAs,  add the following configurations under the <DCR> tag and set the value to true:

      <DCR> <SelfSignedSSAAllowed>true</SelfSignedSSAAllowed>
  • Open the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file.
    • To store the application authority of the SSA, add the following configurations under the <ApplicationAttributes> tag:

      <ApplicationAttributes>
      	<Attribute required="true">
      		<Name>application authority</Name>
      		<Description>application authority</Description>
      	</Attribute>
    • To extract and save the certificates available in the SSA, add the following attributes under the <ApplicationAttributes> tag: 

      <Attribute required="false">
      	<Name>transport_certificate_sandbox</Name>
      	<Description>TLS Certificate used</Description>
      </Attribute>
      <Attribute required="false">
      	<Name>transport_certificate_prodcution</Name>
      	<Description>TLS Certificate used</Description>
      </Attribute>
      <Attribute required="false">
      	<Name>signing_certificate_sandbox</Name>
      	<Description>Signing certificate used</Description>
      </Attribute>
      <Attribute required="false">
      	<Name>signing_certificate_production</Name>
      	<Description>Signing certificate used</Description>
      </Attribute>
  • When registering TPP applications with self-signed certificates, the WSO2 Open Banking solution expects the following parameters in the request payload.

     Click here to see the decoded format of a sample payload...
    {
      "iss": "non-obie dcr",
      "iat": 1601982042,
      "exp": 1623752842,
      "jti": "1601982046",
      "aud": "https://localhost:8243/token",
      "scope": "accounts payments",
      "token_endpoint_auth_method": "private_key_jwt",
      "grant_types": [
        "authorization_code",
        "refresh_token"
      ],
      "response_types": [
        "code id_token"
      ],
      "id_token_signed_response_alg": "PS256",
      "request_object_signing_alg": "PS256",
      "application_type": "web",
      "redirect_uris": [
        "https://wso2.com"
      ],
      "token_endpoint_auth_signing_alg": "PS256",
      "software_statement": "ewoiYWxnIiA6ICJub25lIgp9Cg==.ewogICJpc3MiOiAiT3BlbkJhbmtpbmcgTk9OIE9CSUUgVFBQIiwKICAiaWF0IjogMTYxMjg2MTc3MSwKICAianRpIjogImVjNGJkNmM1ZmIzNTQwN2EiLAogICJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6ICJzYW5kYm94IiwKICAic29mdHdhcmVfbW9kZSI6ICJUZXN0IiwKICAic29mdHdhcmVfY2xpZW50X25hbWUiOiAiV1NPMiBPcGVuIEJhbmtpbmcgTk9OT0JJRSBUUFA1IChTYW5kYm94KSIsCiAgInNvZnR3YXJlX2NsaWVudF9kZXNjcmlwdGlvbiI6ICJXU08yIE9wZW4gQmFua2luZyIsCiAgInNvZnR3YXJlX3ZlcnNpb24iOiAxLjUsCiAgInNvZnR3YXJlX2NsaWVudF91cmkiOiAiaHR0cHM6Ly93c28yLmNvbSIsCiAgInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOiBbCiAgICAiaHR0cHM6Ly93c28yLmNvbSIKICBdLAogICJzb2Z0d2FyZV9yb2xlcyI6IFsKICAgICJBSVNQIiwKICAgICJQSVNQIiwKICAgICJDQlBJSSIKICBdLAogICJzb2Z0d2FyZV9sb2dvX3VyaSI6ICJodHRwczovL3dzbzIuY29tL3dzbzIuanBnIiwKICAib3JnX3N0YXR1cyI6ICJBY3RpdmUiLAogICJvcmdfaWQiOiAiMDAxNTgwMDAwMUhRUXJaQUFYIiwKICAib3JnX25hbWUiOiAiV1NPMiAoVUspIExJTUlURUQiLAogICJvcmdfY29udGFjdHMiOiBbCiAgICB7CiAgICAgICJuYW1lIjogIlRlY2huaWNhbCIsCiAgICAgICJlbWFpbCI6ICJzYWNoaW5pc0B3c28yLmNvbSIsCiAgICAgICJwaG9uZSI6ICIrOTQ3NzQyNzQzNzQiLAogICAgICAidHlwZSI6ICJUZWNobmljYWwiCiAgICB9LAogICAgewogICAgICAibmFtZSI6ICJCdXNpbmVzcyIsCiAgICAgICJlbWFpbCI6ICJzYWNoaW5pc0B3c28yLmNvbSIsCiAgICAgICJwaG9uZSI6ICIrOTQ3NzQyNzQzNzQiLAogICAgICAidHlwZSI6ICJCdXNpbmVzcyIKICAgIH0KICBdLAogICJqd2tzIjogewogICAgImtleXMiOiBbCiAgICAgIHsKICAgICAgICAia2lkIjogIjFwYlRFdDZ2Nl9vMFdwUEZ6bU5YajZlZGlLdyIsCiAgICAgICAgImt0eSI6ICJSU0EiLAogICAgICAgICJuIjogIjFjdHAtMllUdTBpNkNJdTBzOXM0bU1ZWVlLUXhLbmRaV2tfYVFVM2phZUtfeFFleVg3MDA2QmpyM3RwZ0Z1cWdxbmpHT2VBRWNQMV93VmdreEt3SjA0TkVsbFVGUC1wcURPSXgxNU54LTZackZWQnpwR0NHM2JYd0Q3NVRYbnRRT1VjWW54Uk9QZlYweXRRQThEVlgxUmhHZUtNOHZfSzVvMTJ1OURDd1QteXU4aUxwT3dRRHRvcklpeGJOZ1MwUzdFZUxST1FXUjFtOExWQlgwZ1BPZndXSkdhYl8zeHVYYVo0eGhqTnoyd3lIWkFGekRXLXBEX2cwckZ5NXhvaFRJQ1NIWlJkd19ZNVljTmhDRXVRWDJoMDV2c1R0ZzJJdm9lWkdUd21pRU5jaGp5bjJoUmJmakZfNG1xSU9ETDlHWjNjV09SV2VsSlNVcGVvTUtaSkRWUSIsCiAgICAgICAgImUiOiAiQVFBQiIsCiAgICAgICAgInVzZSI6ICJzaWciLAogICAgICAgICJ4NWMiOiBbCiAgICAgICAgICAiTUlJRnV6Q0NCS09nQXdJQkFnSUVXY1lETlRBTkJna3Foa2lHOXcwQkFRc0ZBREJUTVFzd0NRWURWUVFHRXdKSFFqRVVNQklHQTFVRUNoTUxUM0JsYmtKaGJtdHBibWN4TGpBc0JnTlZCQU1USlU5d1pXNUNZVzVyYVc1bklGQnlaUzFRY205a2RXTjBhVzl1SUVsemMzVnBibWNnUTBFd0hoY05NakF4TVRFNE1UWXdPVEU1V2hjTk1qRXhNakU0TVRZek9URTVXakJ6TVFzd0NRWURWUVFHRXdKSFFqRWFNQmdHQTFVRUNoTVJWMU5QTWlBb1ZVc3BJRXhKVFVsVVJVUXhLekFwQmdOVkJHRVRJbEJUUkVkQ0xVOUNMVlZ1YTI1dmQyNHdNREUxT0RBd01EQXhTRkZSY2xwQlFWZ3hHekFaQmdOVkJBTVRFakF3TVRVNE1EQXdNREZJVVZGeVdrRkJXRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOWExhZnRtRTd0SXVnaUx0TFBiT0pqR0dHQ2tNU3AzV1ZwUDJrRk40Mm5pdjhVSHNsKzlOT2dZNjk3YVlCYnFvS3A0eGpuZ0JIRDlmOEZZSk1Tc0NkT0RSSlpWQlQvcWFnemlNZGVUY2Z1bWF4VlFjNlJnaHQyMThBKytVMTU3VURsSEdKOFVUajMxZE1yVUFQQTFWOVVZUm5palBML3l1YU5kcnZRd3NFL3NydklpNlRzRUE3YUt5SXNXellFdEV1eEhpMFRrRmtkWnZDMVFWOUlEem44RmlSbW0vOThibDJtZU1ZWXpjOXNNaDJRQmN3MXZxUS80Tkt4Y3VjYUlVeUFraDJVWGNQMk9XSERZUWhMa0Y5b2RPYjdFN1lOaUw2SG1SazhKb2hEWElZOHA5b1VXMzR4ZitKcWlEZ3kvUm1kM0Zqa1ZucFNVbEtYcURDbVNRMVVDQXdFQUFhT0NBblV3Z2dKeE1BNEdBMVVkRHdFQi93UUVBd0lHd0RCNkJnZ3JCZ0VGQlFjQkF3UnVNR3d3RXdZR0JBQ09SZ0VHTUFrR0J3UUFqa1lCQmdJd1ZRWUdCQUNCbUNjQ01Fc3dKREFpQmdjRUFJR1lKd0VDREFaUVUxQmZVRWtHQndRQWdaZ25BUU1NQmxCVFVGOUJTUXdiUm1sdVlXNWphV0ZzSUVOdmJtUjFZM1FnUVhWMGFHOXlhWFI1REFaSFFpMUdRMEV3RlFZRFZSMGxCQTR3REFZS0t3WUJCQUdDTndvREREQ0I0QVlEVlIwZ0JJSFlNSUhWTUlIU0Jnc3JCZ0VFQWFoMWdRWUJaRENCd2pBcUJnZ3JCZ0VGQlFjQ0FSWWVhSFIwY0RvdkwyOWlMblJ5ZFhOMGFYTXVZMjl0TDNCdmJHbGphV1Z6TUlHVEJnZ3JCZ0VGQlFjQ0FqQ0JoZ3lCZzFWelpTQnZaaUIwYUdseklFTmxjblJwWm1sallYUmxJR052Ym5OMGFYUjFkR1Z6SUdGalkyVndkR0Z1WTJVZ2IyWWdkR2hsSUU5d1pXNUNZVzVyYVc1bklGSnZiM1FnUTBFZ1EyVnlkR2xtYVdOaGRHbHZiaUJRYjJ4cFkybGxjeUJoYm1RZ1EyVnlkR2xtYVdOaGRHVWdVSEpoWTNScFkyVWdVM1JoZEdWdFpXNTBNRzBHQ0NzR0FRVUZCd0VCQkdFd1h6QW1CZ2dyQmdFRkJRY3dBWVlhYUhSMGNEb3ZMMjlpTG5SeWRYTjBhWE11WTI5dEwyOWpjM0F3TlFZSUt3WUJCUVVITUFLR0tXaDBkSEE2THk5dllpNTBjblZ6ZEdsekxtTnZiUzl2WWw5d2NGOXBjM04xYVc1blkyRXVZM0owTURvR0ExVWRId1F6TURFd0w2QXRvQ3VHS1doMGRIQTZMeTl2WWk1MGNuVnpkR2x6TG1OdmJTOXZZbDl3Y0Y5cGMzTjFhVzVuWTJFdVkzSnNNQjhHQTFVZEl3UVlNQmFBRkZCemtjWWhjdE4zOVA0QUVnYUJYSGw1Ymo5UU1CMEdBMVVkRGdRV0JCUnRoRWtvUmJHOEhUOVBDMXNzWDVnRmRlL1BEakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBc1dPdjQ3dk4wNXZ3MkxSdTM5TFFhVWRlQXlYSkM5eURrSVFISWFKZTJsVEI1UlN6amZYUlRMc3BubkVJZDNoOVMwMmpaUmRadmNHNDkrcEUxUHB4L2NCU0NLNzgvNU9rMExaVXlGMmw2dGZScXZrakpTVFhQVXBqL2RmR1dOdjVXUXo1bmlpOVBDYytVeW5ZNFZsVEdWZ0gwU0dPL3FqcFl6dGd6Qi9qSkN5UExMQlM4cHcvM0E3TmZ5VnNBakFDL3hMNHVhSzBtdFpqcVBZWFVabHZsWmxKdFpzSDBGdjRTcE1pRTdGbm80U0puNGxvczc4R2dMTFVyT0RuajFLS2dZU01uUytJZ2x6a3dkc2ttaGxLNmJ2TU91blVLMmRhbXVmdWxXVXhIVEhZRHhkNHNrZnRVR2psRVBlNWxmR25hWDROSVR2TUh5M1JlOFVEbUZEVm1nPT0iCiAgICAgICAgXSwKICAgICAgICAieDV0IjogIk5FVTZSakE2TmtRNk1UVTZORFk2TnpJNlJqRTZPRFE2UkVVNlF6azZPRFk2UXpZNk9EYzZPVUk2UmpVNk5EYzZOVE02UVVFNlJrVTZPREUiCiAgICAgIH0sCiAgICAgIHsKICAgICAgICAia2lkIjogIktKUGZqUXNxc09YdDNQeDM5bDdtQThVekl3WSIsCiAgICAgICAgImt0eSI6ICJSU0EiLAogICAgICAgICJuIjogIndxN0c4Tm9uOGNCUEZuNXBVNmlGYzY0ZUZ4XzNDazEwSXpLV2NTUWtDbjY0b2o0Ulh0YmNPTXRTVWsxVGZmUXo2dGRKXzFsZjAyVVhpeG9ZWm1HVnJxV2o5THhxamlzYWNsWUphdjF4WWJVMGhCckkyZkY2UVpQTHVyZXhoVEs3YVZQREotR2dqc0g1X0lHOHFSeEpiU0djQktFYWdFamVKZTNCTXduXzgtVXNHTE9fQlpfaUpOaUpPNjIyN0F2UDZ1dkxfZ3dLREFDRzVoM1dFWGFlY3BHOWtGVW9ReVJyMTdLNHh5TldOcDFDZTFOVHlyb3dSTzJyb3dHQWJhN3JKMVkwZ2RUaEt3WVpYWl9meHRaQW9kUXZHNGZkemNJWWRINFBXSHJoTGVLVUFRV2lrejVwOW42Tnc3SFdJX05YZlRXQWJIVFJkdGpNTlRKLXUzTVFTUSIsCiAgICAgICAgImUiOiAiQVFBQiIsCiAgICAgICAgInVzZSI6ICJ0bHMiLAogICAgICAgICJ4NWMiOiBbCiAgICAgICAgICAiTUlJRnhqQ0NCSzZnQXdJQkFnSUVXY1lETkRBTkJna3Foa2lHOXcwQkFRc0ZBREJUTVFzd0NRWURWUVFHRXdKSFFqRVVNQklHQTFVRUNoTUxUM0JsYmtKaGJtdHBibWN4TGpBc0JnTlZCQU1USlU5d1pXNUNZVzVyYVc1bklGQnlaUzFRY205a2RXTjBhVzl1SUVsemMzVnBibWNnUTBFd0hoY05NakF4TVRFNE1UVTFOakl4V2hjTk1qRXhNakU0TVRZeU5qSXhXakJ6TVFzd0NRWURWUVFHRXdKSFFqRWFNQmdHQTFVRUNoTVJWMU5QTWlBb1ZVc3BJRXhKVFVsVVJVUXhLekFwQmdOVkJHRVRJbEJUUkVkQ0xVOUNMVlZ1YTI1dmQyNHdNREUxT0RBd01EQXhTRkZSY2xwQlFWZ3hHekFaQmdOVkJBTVRFakF3TVRVNE1EQXdNREZJVVZGeVdrRkJXRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNS3V4dkRhSi9IQVR4WithVk9vaFhPdUhoY2Y5d3BOZENNeWxuRWtKQXArdUtJK0VWN1czRGpMVWxKTlUzMzBNK3JYU2Y5Wlg5TmxGNHNhR0daaGxhNmxvL1M4YW80ckduSldDV3I5Y1dHMU5JUWF5Tm54ZWtHVHk3cTNzWVV5dTJsVHd5ZmhvSTdCK2Z5QnZLa2NTVzBobkFTaEdvQkkzaVh0d1RNSi8vUGxMQml6dndXZjRpVFlpVHV0dHV3THorcnJ5LzRNQ2d3QWh1WWQxaEYybm5LUnZaQlZLRU1rYTlleXVNY2pWamFkUW50VFU4cTZNRVR0cTZNQmdHMnU2eWRXTklIVTRTc0dHVjJmMzhiV1FLSFVMeHVIM2MzQ0dIUitEMWg2NFMzaWxBRUZvcE0rYWZaK2pjT3gxaVB6VjMwMWdHeDAwWGJZekRVeWZydHpFRWtDQXdFQUFhT0NBb0F3Z2dKOE1BNEdBMVVkRHdFQi93UUVBd0lIZ0RCNkJnZ3JCZ0VGQlFjQkF3UnVNR3d3RXdZR0JBQ09SZ0VHTUFrR0J3UUFqa1lCQmdNd1ZRWUdCQUNCbUNjQ01Fc3dKREFpQmdjRUFJR1lKd0VDREFaUVUxQmZVRWtHQndRQWdaZ25BUU1NQmxCVFVGOUJTUXdiUm1sdVlXNWphV0ZzSUVOdmJtUjFZM1FnUVhWMGFHOXlhWFI1REFaSFFpMUdRMEV3SUFZRFZSMGxBUUgvQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNSUhnQmdOVkhTQUVnZGd3Z2RVd2dkSUdDeXNHQVFRQnFIV0JCZ0ZrTUlIQ01Db0dDQ3NHQVFVRkJ3SUJGaDVvZEhSd09pOHZiMkl1ZEhKMWMzUnBjeTVqYjIwdmNHOXNhV05wWlhNd2daTUdDQ3NHQVFVRkJ3SUNNSUdHRElHRFZYTmxJRzltSUhSb2FYTWdRMlZ5ZEdsbWFXTmhkR1VnWTI5dWMzUnBkSFYwWlhNZ1lXTmpaWEIwWVc1alpTQnZaaUIwYUdVZ1QzQmxia0poYm10cGJtY2dVbTl2ZENCRFFTQkRaWEowYVdacFkyRjBhVzl1SUZCdmJHbGphV1Z6SUdGdVpDQkRaWEowYVdacFkyRjBaU0JRY21GamRHbGpaU0JUZEdGMFpXMWxiblF3YlFZSUt3WUJCUVVIQVFFRVlUQmZNQ1lHQ0NzR0FRVUZCekFCaGhwb2RIUndPaTh2YjJJdWRISjFjM1JwY3k1amIyMHZiMk56Y0RBMUJnZ3JCZ0VGQlFjd0FvWXBhSFIwY0RvdkwyOWlMblJ5ZFhOMGFYTXVZMjl0TDI5aVgzQndYMmx6YzNWcGJtZGpZUzVqY25Rd09nWURWUjBmQkRNd01UQXZvQzJnSzRZcGFIUjBjRG92TDI5aUxuUnlkWE4wYVhNdVkyOXRMMjlpWDNCd1gybHpjM1ZwYm1kallTNWpjbXd3SHdZRFZSMGpCQmd3Rm9BVVVIT1J4aUZ5MDNmMC9nQVNCb0ZjZVhsdVAxQXdIUVlEVlIwT0JCWUVGR21iSWJqclZiajZUZUJqcTN0UDREa1FyTUdHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBekVzSnY4aU9xWng0cEVBYmtiS08rbDBBbFJ1a05wcE8vdnAvTWlpUUhhNTUxL3Nobml5Tm9nSmRGWFVMOVFrNEx1d2lRUHZKYytEaVZmZVRjZzgvbVBUSmdpaGl3bE85Y1YzZTY0Y1poMWFjSHM1QlBlS1dPS3ZCY1ZkaFBVeEM0cGhjckd3UXVwWXZLRnJ2SlBGWUlKNE5nekpydHdDUDFqQVZEMzRkd3N4SHhscFhkMGo0MGU4OERvWDhibXdrS3RvUjA3WEJtSWYwOG91OTlzNTc3T3ZHSDltcFNoSUJIZnBwa2xwVldPbDBmd3RIM3R5TEtwK1Yxd2U3bkp1M1VFUTBaS0t5Um5Vd2paZVJ2Ly80L2s0Wm9ROEVmRTRZZ1JodENzQmhlT2VEb1l2dm5zOWRJNHhJWjhFL0tFejVIQkJCclE0a1dWSTNFNGdBc0M2QzEiCiAgICAgICAgXSwKICAgICAgICAieDV0IjogIlJrVTZRemc2TVVJNk9VTTZRMFE2TkVZNk16VTZRamc2TWtJNk5EazZRak02TkVJNlJqSTZORUk2UkRZNk1EZzZRVUk2TURFNk1VSTZRVGciCiAgICAgIH0KICAgIF0KICB9LAogICJzb2Z0d2FyZV9wb2xpY3lfdXJpIjogImh0dHBzOi8vd3NvMi5jb20iLAogICJzb2Z0d2FyZV90b3NfdXJpIjogImh0dHBzOi8vd3NvMi5jb20iLAogICJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjogIldTTzJPcGVuQmFua2luZyIKfQ==."
    }
  • In this scenario, WSO2 Open Banking expects a specific format in the SSA as well. 

     Click here to see the expected format of the SSA (decoded)...
    {
    "alg": "none"
    }
    {
      "iss": "OpenBanking NON OBIE TPP",
      "iat": 1612861771,
      "jti": "ec4bd6c5fb35407a",
      "software_environment": "sandbox",
      "software_mode": "Test",
      "software_client_name": "WSO2 Open Banking NONOBIE TPP7 (Sandbox)",
      "software_client_description": "WSO2 Open Banking",
      "software_version": 1.5,
      "software_client_uri": "https://wso2.com",
      "software_redirect_uris": [
        "https://wso2.com"
      ],
      "software_roles": [
        "AISP",
        "PISP",
        "CBPII"
      ],
      "software_logo_uri": "https://wso2.com/wso2.jpg",
      "org_status": "Active",
      "org_id": "0015800001HQQrZAAX",
      "org_name": "WSO2 (UK) LIMITED",
      "org_contacts": [
        {
          "name": "Technical",
          "email": "[email protected]",
          "phone": "+94774274974",
          "type": "Technical"
        },
        {
          "name": "Business",
          "email": "[email protected]",
          "phone": "+94774274974",
          "type": "Business"
        }
      ],
      "jwks": {
        "keys": [
          {
            "kid": "1pbTEt6v6_o0WpPFzmNXj6ediKw",
            "kty": "RSA",
            "n": "1ctp-2YTu0i6CIu0s9s4mMYYYKQxKndZWk_aQU3jaeK_xQeyX7006Bjr3tpgFuqgqnjGOeAEcP1_wVgkxKwJ04NEllUFP-pqDOIx15Nx-6ZrFVBzpGCG3bXwD75TXntQOUcYnxROPfV0ytQA8DVX1RhGeKM8v_K5o12u9DCwT-yu8iLpOwQDtorIixbNgS0S7EeLROQWR1m8LVBX0gPOfwWJGab_3xuXaZ4xhjNz2wyHZAFzDW-pD_g0rFy5xohTICSHZRdw_Y5YcNhCEuQX2h05vsTtg2IvoeZGTwmiENchjyn2hRbfjF_4mqIODL9GZ3cWORWelJSUpeoMKZJDVQ",
            "e": "AQAB",
            "use": "sig",
            "x5c": [
              "MIIFuzCCBKOgAwIBAgIEWcYDNTANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJHQjEUMBIGA1UEChMLT3BlbkJhbmtpbmcxLjAsBgNVBAMTJU9wZW5CYW5raW5nIFByZS1Qcm9kdWN0aW9uIElzc3VpbmcgQ0EwHhcNMjAxMTE4MTYwOTE5WhcNMjExMjE4MTYzOTE5WjBzMQswCQYDVQQGEwJHQjEaMBgGA1UEChMRV1NPMiAoVUspIExJTUlURUQxKzApBgNVBGETIlBTREdCLU9CLVVua25vd24wMDE1ODAwMDAxSFFRclpBQVgxGzAZBgNVBAMTEjAwMTU4MDAwMDFIUVFyWkFBWDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXLaftmE7tIugiLtLPbOJjGGGCkMSp3WVpP2kFN42niv8UHsl+9NOgY697aYBbqoKp4xjngBHD9f8FYJMSsCdODRJZVBT/qagziMdeTcfumaxVQc6Rght218A++U157UDlHGJ8UTj31dMrUAPA1V9UYRnijPL/yuaNdrvQwsE/srvIi6TsEA7aKyIsWzYEtEuxHi0TkFkdZvC1QV9IDzn8FiRmm/98bl2meMYYzc9sMh2QBcw1vqQ/4NKxcucaIUyAkh2UXcP2OWHDYQhLkF9odOb7E7YNiL6HmRk8JohDXIY8p9oUW34xf+JqiDgy/Rmd3FjkVnpSUlKXqDCmSQ1UCAwEAAaOCAnUwggJxMA4GA1UdDwEB/wQEAwIGwDB6BggrBgEFBQcBAwRuMGwwEwYGBACORgEGMAkGBwQAjkYBBgIwVQYGBACBmCcCMEswJDAiBgcEAIGYJwECDAZQU1BfUEkGBwQAgZgnAQMMBlBTUF9BSQwbRmluYW5jaWFsIENvbmR1Y3QgQXV0aG9yaXR5DAZHQi1GQ0EwFQYDVR0lBA4wDAYKKwYBBAGCNwoDDDCB4AYDVR0gBIHYMIHVMIHSBgsrBgEEAah1gQYBZDCBwjAqBggrBgEFBQcCARYeaHR0cDovL29iLnRydXN0aXMuY29tL3BvbGljaWVzMIGTBggrBgEFBQcCAjCBhgyBg1VzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIE9wZW5CYW5raW5nIFJvb3QgQ0EgQ2VydGlmaWNhdGlvbiBQb2xpY2llcyBhbmQgQ2VydGlmaWNhdGUgUHJhY3RpY2UgU3RhdGVtZW50MG0GCCsGAQUFBwEBBGEwXzAmBggrBgEFBQcwAYYaaHR0cDovL29iLnRydXN0aXMuY29tL29jc3AwNQYIKwYBBQUHMAKGKWh0dHA6Ly9vYi50cnVzdGlzLmNvbS9vYl9wcF9pc3N1aW5nY2EuY3J0MDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9vYi50cnVzdGlzLmNvbS9vYl9wcF9pc3N1aW5nY2EuY3JsMB8GA1UdIwQYMBaAFFBzkcYhctN39P4AEgaBXHl5bj9QMB0GA1UdDgQWBBRthEkoRbG8HT9PC1ssX5gFde/PDjANBgkqhkiG9w0BAQsFAAOCAQEAsWOv47vN05vw2LRu39LQaUdeAyXJC9yDkIQHIaJe2lTB5RSzjfXRTLspnnEId3h9S02jZRdZvcG49+pE1Ppx/cBSCK78/5Ok0LZUyF2l6tfRqvkjJSTXPUpj/dfGWNv5WQz5nii9PCc+UynY4VlTGVgH0SGO/qjpYztgzB/jJCyPLLBS8pw/3A7NfyVsAjAC/xL4uaK0mtZjqPYXUZlvlZlJtZsH0Fv4SpMiE7Fno4SJn4los78GgLLUrODnj1KKgYSMnS+IglzkwdskmhlK6bvMOunUK2damufulWUxHTHYDxd4skftUGjlEPe5lfGnaX4NITvMHy3Re8UDmFDVmg=="
            ],
            "x5t": "NEU6RjA6NkQ6MTU6NDY6NzI6RjE6ODQ6REU6Qzk6ODY6QzY6ODc6OUI6RjU6NDc6NTM6QUE6RkU6ODE"
          },
          {
            "kid": "KJPfjQsqsOXt3Px39l7mA8UzIwY",
            "kty": "RSA",
            "n": "wq7G8Non8cBPFn5pU6iFc64eFx_3Ck10IzKWcSQkCn64oj4RXtbcOMtSUk1TffQz6tdJ_1lf02UXixoYZmGVrqWj9LxqjisaclYJav1xYbU0hBrI2fF6QZPLurexhTK7aVPDJ-GgjsH5_IG8qRxJbSGcBKEagEjeJe3BMwn_8-UsGLO_BZ_iJNiJO6227AvP6uvL_gwKDACG5h3WEXaecpG9kFUoQyRr17K4xyNWNp1Ce1NTyrowRO2rowGAba7rJ1Y0gdThKwYZXZ_fxtZAodQvG4fdzcIYdH4PWHrhLeKUAQWikz5p9n6Nw7HWI_NXfTWAbHTRdtjMNTJ-u3MQSQ",
            "e": "AQAB",
            "use": "tls",
            "x5c": [
              "MIIFxjCCBK6gAwIBAgIEWcYDNDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJHQjEUMBIGA1UEChMLT3BlbkJhbmtpbmcxLjAsBgNVBAMTJU9wZW5CYW5raW5nIFByZS1Qcm9kdWN0aW9uIElzc3VpbmcgQ0EwHhcNMjAxMTE4MTU1NjIxWhcNMjExMjE4MTYyNjIxWjBzMQswCQYDVQQGEwJHQjEaMBgGA1UEChMRV1NPMiAoVUspIExJTUlURUQxKzApBgNVBGETIlBTREdCLU9CLVVua25vd24wMDE1ODAwMDAxSFFRclpBQVgxGzAZBgNVBAMTEjAwMTU4MDAwMDFIUVFyWkFBWDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKuxvDaJ/HATxZ+aVOohXOuHhcf9wpNdCMylnEkJAp+uKI+EV7W3DjLUlJNU330M+rXSf9ZX9NlF4saGGZhla6lo/S8ao4rGnJWCWr9cWG1NIQayNnxekGTy7q3sYUyu2lTwyfhoI7B+fyBvKkcSW0hnAShGoBI3iXtwTMJ//PlLBizvwWf4iTYiTuttuwLz+rry/4MCgwAhuYd1hF2nnKRvZBVKEMka9eyuMcjVjadQntTU8q6METtq6MBgG2u6ydWNIHU4SsGGV2f38bWQKHULxuH3c3CGHR+D1h64S3ilAEFopM+afZ+jcOx1iPzV301gGx00XbYzDUyfrtzEEkCAwEAAaOCAoAwggJ8MA4GA1UdDwEB/wQEAwIHgDB6BggrBgEFBQcBAwRuMGwwEwYGBACORgEGMAkGBwQAjkYBBgMwVQYGBACBmCcCMEswJDAiBgcEAIGYJwECDAZQU1BfUEkGBwQAgZgnAQMMBlBTUF9BSQwbRmluYW5jaWFsIENvbmR1Y3QgQXV0aG9yaXR5DAZHQi1GQ0EwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIHgBgNVHSAEgdgwgdUwgdIGCysGAQQBqHWBBgFkMIHCMCoGCCsGAQUFBwIBFh5odHRwOi8vb2IudHJ1c3Rpcy5jb20vcG9saWNpZXMwgZMGCCsGAQUFBwICMIGGDIGDVXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNjZXB0YW5jZSBvZiB0aGUgT3BlbkJhbmtpbmcgUm9vdCBDQSBDZXJ0aWZpY2F0aW9uIFBvbGljaWVzIGFuZCBDZXJ0aWZpY2F0ZSBQcmFjdGljZSBTdGF0ZW1lbnQwbQYIKwYBBQUHAQEEYTBfMCYGCCsGAQUFBzABhhpodHRwOi8vb2IudHJ1c3Rpcy5jb20vb2NzcDA1BggrBgEFBQcwAoYpaHR0cDovL29iLnRydXN0aXMuY29tL29iX3BwX2lzc3VpbmdjYS5jcnQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL29iLnRydXN0aXMuY29tL29iX3BwX2lzc3VpbmdjYS5jcmwwHwYDVR0jBBgwFoAUUHORxiFy03f0/gASBoFceXluP1AwHQYDVR0OBBYEFGmbIbjrVbj6TeBjq3tP4DkQrMGGMA0GCSqGSIb3DQEBCwUAA4IBAQAzEsJv8iOqZx4pEAbkbKO+l0AlRukNppO/vp/MiiQHa551/shniyNogJdFXUL9Qk4LuwiQPvJc+DiVfeTcg8/mPTJgihiwlO9cV3e64cZh1acHs5BPeKWOKvBcVdhPUxC4phcrGwQupYvKFrvJPFYIJ4NgzJrtwCP1jAVD34dwsxHxlpXd0j40e88DoX8bmwkKtoR07XBmIf08ou99s577OvGH9mpShIBHfppklpVWOl0fwtH3tyLKp+V1we7nJu3UEQ0ZKKyRnUwjZeRv//4/k4ZoQ8EfE4YgRhtCsBheOeDoYvvns9dI4xIZ8E/KEz5HBBBrQ4kWVI3E4gAsC6C1"
            ],
            "x5t": "RkU6Qzg6MUI6OUM6Q0Q6NEY6MzU6Qjg6MkI6NDk6QjM6NEI6RjI6NEI6RDY6MDg6QUI6MDE6MUI6QTg"
          }
        ]
      },
      "software_policy_uri": "https://wso2.com",
      "software_tos_uri": "https://wso2.com",
      "software_on_behalf_of_org": "WSO2OpenBanking"
    }
    • This is the same format mentioned in the IETF JSON Web Token specification. 
    • A self-signed SSA does not contain a signature.




Configuring application deletion workflow
  1. Sign in to the API Manager Management Console at https://<WSO2_OB_APIM_HOST>:9443/carbon, using the super admin credentials.
  2. On the Main tab, click Resources > Browse.
  3. Locate the /_system/governance/apimgt/applicationdata/workflow-extensions.xml registry file.
  4. Click workflow-extensions.xml to edit the file.
  5. Under the Content section, click Edit as text.

  6. Update the ApplicationDeletion executor value as follows: 

    <ApplicationDeletion executor="com.wso2.finance.open.banking.application.deletion.workflow.impl.ApplicationDeletionWorkflow"/>
  7. Click Save Content.

[Back To Top]


Registering an application 

If your application has one or more Callback URLs that exceed the default sizes, increase the column sizes of the CALLBACK_URL columns.

The Callback URLs are stored in the database as follows:

DatabaseTableColumnDefault Size
openbank_apimgtdbAM_APPLICATIONCALLBACK_URLvarchar 512
openbank_apimgtdbIDN_OAUTH_CONSUMER_APPSCALLBACK_URLvarchar 1024

To get the public transport and signing certificates, enrol the TPP in the Open Banking Directory and upload the Certificate Signing Request (CSR).

The API allows the TPP to request the ASPSP to register a new client. The process is as follows:

  1. The TPP sends a registration request,
    1. This is a POST request including a Software Statement Assertion (SSA) as a claim in the payload. This SSA contains client metadata. 

      The SSA should be obtained from the Open Banking Directory by the TPP. It is signed JWT issued by the Open Banking directory.

    2. In order to try out the flow with the eIDAS approach, the TPPs have to be registered in a Qualified Trust Service Provider (QTSP). You may use the QSeal/OBSeal certificates and QWAC/OBWAC certificates instead of the signing and transport certificates, in the given order. For more information, see eIDAS Implementation for UK

      1. For testing purposes, you may use the attached Signing certificates and Transport certificates, if you have configured the OB certificates:

    3. The automated DCR process is carried out by calling a synapse API in the gateway. The registration request relies on Mutual TLS authentication for TPP authentication. 
    4. For the DCR endpoints, it is advised to use the CA certificate.  To obtain the CA certificate, follow the steps below:
      1. Copy the content of your SSL certificate to a file named  certfile  using the following command. 

        openssl s_client -connect <WSO2_OB_APIM_HOST>:8243 |tee certfile
      2. Use the generated certfile  as the  cacert  parameter in the request.

  2. A sample request sent to the DCR registration endpoint is shown below:

    curl -X POST \
      https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register \
      -H 'Content-Type: application/jwt'  \
      --cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
      --cacert certfile \
      -d eyJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiIsImtpZCI6IkR3TUtkV01tajdQV2ludm9xZlF5WFZ6eVo2USJ9.eyJpc3MiOiI5YjV1c0RwYk50bXhEY1R6czdHektwIiwiaWF0IjoxNjAxOTgyMDQyLCJleHAiOjE2MDcyNTI0NDIsImp0aSI6IjE2MDE5ODIwNDYiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo4MjQzL3Rva2VuIiwic2NvcGUiOiJhY2NvdW50cyBwYXltZW50cyIsInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kIjoicHJpdmF0ZV9rZXlfand0IiwiZ3JhbnRfdHlwZXMiOlsiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sImlkX3Rva2VuX3NpZ25lZF9yZXNwb25zZV9hbGciOiJQUzI1NiIsInJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdfYWxnIjoiUFMyNTYiLCJzb2Z0d2FyZV9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKUVV6STFOaUlzSW10cFpDSTZJa2g2WVRsMk5XSm5SRXBqVDI1b1kxVmFOMEpOZDJKVFRGODBUbFl3WjFOR2RrbHFZVk5ZWkVNdE1XTTlJaXdpZEhsd0lqb2lTbGRVSW4wLmV5SnBjM01pT2lKUGNHVnVRbUZ1YTJsdVp5Qk1kR1FpTENKcFlYUWlPakUxT1RJek5qUTFOamdzSW1wMGFTSTZJak5rTVdJek5UazFaV1poWXpSbE16WWlMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluTmhibVJpYjNnaUxDSnpiMlowZDJGeVpWOXRiMlJsSWpvaVZHVnpkQ0lzSW5OdlpuUjNZWEpsWDJsa0lqb2lPV0kxZFhORWNHSk9kRzE0UkdOVWVuTTNSM3BMY0NJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5cFpDSTZJamxpTlhWelJIQmlUblJ0ZUVSalZIcHpOMGQ2UzNBaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWxkVFR6SWdUM0JsYmlCQ1lXNXJhVzVuSUZSUVVDQW9VMkZ1WkdKdmVDa2lMQ0p6YjJaMGQyRnlaVjlqYkdsbGJuUmZaR1Z6WTNKcGNIUnBiMjRpT2lKVWFHbHpJRlJRVUNCSmN5QmpjbVZoZEdWa0lHWnZjaUIwWlhOMGFXNW5JSEIxY25CdmMyVnpMaUFpTENKemIyWjBkMkZ5WlY5MlpYSnphVzl1SWpveExqVXNJbk52Wm5SM1lYSmxYMk5zYVdWdWRGOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmNtVmthWEpsWTNSZmRYSnBjeUk2V3lKb2RIUndjem92TDNkemJ6SXVZMjl0SWwwc0luTnZablIzWVhKbFgzSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJbDBzSW05eVoyRnVhWE5oZEdsdmJsOWpiMjF3WlhSbGJuUmZZWFYwYUc5eWFYUjVYMk5zWVdsdGN5STZleUpoZFhSb2IzSnBkSGxmYVdRaU9pSlBRa2RDVWlJc0luSmxaMmx6ZEhKaGRHbHZibDlwWkNJNklsVnVhMjV2ZDI0d01ERTFPREF3TURBeFNGRlJjbHBCUVZnaUxDSnpkR0YwZFhNaU9pSkJZM1JwZG1VaUxDSmhkWFJvYjNKcGMyRjBhVzl1Y3lJNlczc2liV1Z0WW1WeVgzTjBZWFJsSWpvaVIwSWlMQ0p5YjJ4bGN5STZXeUpCU1ZOUUlpd2lVRWxUVUNKZGZTeDdJbTFsYldKbGNsOXpkR0YwWlNJNklrbEZJaXdpY205c1pYTWlPbHNpUVVsVFVDSXNJbEJKVTFBaVhYMHNleUp0WlcxaVpYSmZjM1JoZEdVaU9pSk9UQ0lzSW5KdmJHVnpJanBiSWtGSlUxQWlMQ0pRU1ZOUUlsMTlYWDBzSW5OdlpuUjNZWEpsWDJ4dloyOWZkWEpwSWpvaWFIUjBjSE02THk5M2MyOHlMbU52YlM5M2MyOHlMbXB3WnlJc0ltOXlaMTl6ZEdGMGRYTWlPaUpCWTNScGRtVWlMQ0p2Y21kZmFXUWlPaUl3TURFMU9EQXdNREF4U0ZGUmNscEJRVmdpTENKdmNtZGZibUZ0WlNJNklsZFRUeklnS0ZWTEtTQk1TVTFKVkVWRUlpd2liM0puWDJOdmJuUmhZM1J6SWpwYmV5SnVZVzFsSWpvaVZHVmphRzVwWTJGc0lpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWxSbFkyaHVhV05oYkNKOUxIc2libUZ0WlNJNklrSjFjMmx1WlhOeklpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWtKMWMybHVaWE56SW4xZExDSnZjbWRmYW5kcmMxOWxibVJ3YjJsdWRDSTZJbWgwZEhCek9pOHZhMlY1YzNSdmNtVXViM0JsYm1KaGJtdHBibWQwWlhOMExtOXlaeTUxYXk4d01ERTFPREF3TURBeFNGRlJjbHBCUVZndk1EQXhOVGd3TURBd01VaFJVWEphUVVGWUxtcDNhM01pTENKdmNtZGZhbmRyYzE5eVpYWnZhMlZrWDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVozUmxjM1F1YjNKbkxuVnJMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzl5WlhadmEyVmtMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzVxZDJ0eklpd2ljMjltZEhkaGNtVmZhbmRyYzE5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtZDBaWE4wTG05eVp5NTFheTh3TURFMU9EQXdNREF4U0ZGUmNscEJRVmd2T1dJMWRYTkVjR0pPZEcxNFJHTlVlbk0zUjNwTGNDNXFkMnR6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTl5WlhadmEyVmtYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFU0TURBd01ERklVVkZ5V2tGQldDOXlaWFp2YTJWa0x6bGlOWFZ6UkhCaVRuUnRlRVJqVkhwek4wZDZTM0F1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmQzTnZNaTVqYjIwaUxDSnpiMlowZDJGeVpWOXZibDlpWldoaGJHWmZiMlpmYjNKbklqb2lWMU5QTWlCUGNHVnVJRUpoYm10cGJtY2lmUS5DQTE0b2dkY3BOd29IaUlKb3o2bVR4TnBNMndScnFpWkFjYm1LMFJuRHgyR0ROM0JIWW5aRzBFcTZWZ3lQYlByY1J5ZldsOGpRczJFU3NXYzVKU0J3ZWpIYnZwbng3a1ZCeVlrRzQ0ZGhvemFQQU5FWmx0Tmo0TTkxMkNnSGVLUGRfZDB1SUQ4ZElVcThfczJrWU1zb0NjY0JxR3lGVEl5bVZLMDFIWF9YXy1UN25wR19vdkU4Q0xnaWxNRmtpank1UGlGQzgzaG9weGl4ZVFmUmdkbUhDUl8xYm9rc2JGREszUlBJRWU1UGlPRHZYOHZsV0I4aVVHeTdQR3paMGlrWEJEMGx4OXAxQUpFeVlGM3gxcENqc1NIOHRKQzVFNUNHMHhaTFFQUGtUM0FfU3BqaVVoNUVsTmROY21UUG93MkxWU3hQOVF1c040dldwRU1VTmQ5cHcifQ.kq8UsDUcb6Ee55w4U4JhiifyUB0sSiTAnobLV1bwujfS2msdUfxDHqVjyrvx4NvPd54sXg3_k1EIRHLT4vT-zUkojqtWiB_v2ndo5UqvPUrIFoqY0IQznKBfD6cLlGQ0laYqxm_GJWAEdEv_O8Ggw_z1DMiZZRHF9Oln9zZtT95JcGeJ8JCQVDkaX_AM-fZrVaixfD4iBfy-n4H6LHCy94c1DrCM9wEGr7XfHLAVNdZe2Qbyjf1sVEPukK_ccw4AYcWUo3UJQ2WIKxZL4fBmb_3Z0ez9k31k6in86Hg4tHO9itXSVJvvzn8oAaYXXQrxfk4N1CojV3zk1bkhy6In3Q

    The payload is a signed JWT payload. To sign it, use the signing certificate issued by the Open Banking Directory.  The kid parameter of the header should match the values in the kid of the signing certificate provided by the Open Banking Directory. 

     Click here to see the format of the JWT payload once decoded.
    {
      "typ": "JWT",
      "alg": "PS256",
      "kid": "DwMKdWMmj7PWinvoqfQyXVzyZ6Q"
    }
    {
      "iss": "9b5usDpbNtmxDcTzs7GzKp",
      "iat": 1601982042,
      "exp": 1607252442,
      "jti": "1601982046",
      "aud": "https://localhost:8243/token",
      "scope": "accounts payments",
      "token_endpoint_auth_method": "private_key_jwt",
      "grant_types": [
        "authorization_code",
        "refresh_token"
      ],
      "response_types": [
        "code id_token"
      ],
      "id_token_signed_response_alg": "PS256",
      "request_object_signing_alg": "PS256",
      "software_id": "9b5usDpbNtmxDcTzs7GzKp",
      "application_type": "web",
      "redirect_uris": [
        "https://wso2.com"
      ],
      "token_endpoint_auth_signing_alg": "PS256",
      "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6Ikh6YTl2NWJnREpjT25oY1VaN0JNd2JTTF80TlYwZ1NGdklqYVNYZEMtMWM9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE1OTIzNjQ1NjgsImp0aSI6IjNkMWIzNTk1ZWZhYzRlMzYiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoiOWI1dXNEcGJOdG14RGNUenM3R3pLcCIsInNvZnR3YXJlX2NsaWVudF9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUCAoU2FuZGJveCkiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJUaGlzIFRQUCBJcyBjcmVhdGVkIGZvciB0ZXN0aW5nIHB1cnBvc2VzLiAiLCJzb2Z0d2FyZV92ZXJzaW9uIjoxLjUsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInNvZnR3YXJlX3JvbGVzIjpbIkFJU1AiLCJQSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfSx7Im1lbWJlcl9zdGF0ZSI6IklFIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJOTCIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93c28yLmNvbS93c28yLmpwZyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvOWI1dXNEcGJOdG14RGNUenM3R3pLcC5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzliNXVzRHBiTnRteERjVHpzN0d6S3AuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3NvMi5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.CA14ogdcpNwoHiIJoz6mTxNpM2wRrqiZAcbmK0RnDx2GDN3BHYnZG0Eq6VgyPbPrcRyfWl8jQs2ESsWc5JSBwejHbvpnx7kVByYkG44dhozaPANEZltNj4M912CgHeKPd_d0uID8dIUq8_s2kYMsoCccBqGyFTIymVK01HX_X_-T7npG_ovE8CLgilMFkijy5PiFC83hopxixeQfRgdmHCR_1boksbFDK3RPIEe5PiODvX8vlWB8iUGy7PGzZ0ikXBD0lx9p1AJEyYF3x1pCjsSH8tJC5E5CG0xZLQPPkT3A_SpjiUh5ElNdNcmTPow2LVSxP9QusN4vWpEMUNd9pw"
    }
    <signature>

    Include the following claims in the body of the request payload;

    ClaimDescriptionSource SpecificationOptionalComments
    issRequest issuer (the TPP)[RFC7519]NO
    iatTime of issuance of the request[RFC7519]NO
    expRequest expiration time[RFC7519]NO
    audRequest audience (the ASPSP)[RFC7519]NO
    jtiThe JWT ID[RFC7519]NO
    redirect_urisRegistered URIs the TPP uses to interact with the ASPSP AS[OIDC-R]NOMust match or be a subset of the software_redirect_uris claim in the SSA.


    token_endpoint_auth_method

    Specifies which token endpoint authentication method the TPP wants to use[RFC7591]NO

    private_key_jwt: If requested, the OP should extract the TPPs JWKS location from the included software statement assertion.

    tls_client_auth and private_key_jwt are the only FAPI compliant authentication methods. WSO2 Open Banking supports both these methods.

    grant_typesA JSON array specifying what the TPP can request to be supplied to the token endpoint as an exchange for an access token[RFC7591]NO
    response_typesA JSON array specifying what the TPP can request to be returned from the ASPSP authorization endpoint[RFC7591]YESA JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. ASPSPs MAY reject the request if any of the requested response_types are not supported by it (as advertised at its .well-known end-points) Defaults to code id_token if not specified.


    software_id

    The application name that is mentioned as software_client_id in the SSA.[RFC7591]YESIf specified, the software_id in the request must match the software_id specified in the SSA. ASPSPs can choose to allow multiple registrations for a given software client name and may take the software_id from either the SSA or the TPP as a hint.


    scope


    The scopes requested by the client (if not specified, default scopes are assigned by the AS)

    [RFC7591]YES

    The minimum scope should be openid + whatever scopes are appropriate for the PSD2 role of the software.

    The scopes are space delimited values.

    software_statementThe SSA issued by Open Banking identifier[RFC7519]NO
    application_typeSpecifies whether the application type is web or mobile[OIDC-R]NOMust be web, if specified.
    id_token_signed_response_algThe algorithm with which the TPP expects to sign the id_token if an id_token is returned[OIDC-R]NOSupported values must comply with [FAPI-RW] Section 8.6.

    request_object_signing_alg


    The algorithm with which the TPP expects to sign the request object if a request object is part of the authorization request sent to the ASPSP.[OIDC-R]NOSupported values must comply with [FAPI-RW] Section 8.6.

    The payload contains an SSA. 

     Click here to see a decoded SSA...
    {
      "alg": "PS256",
      "kid": "Hza9v5bgDJcOnhcUZ7BMwbSL_4NV0gSFvIjaSXdC-1c=",
      "typ": "JWT"
    }
    {
      "iss": "OpenBanking Ltd",
      "iat": 1592364568,
      "jti": "3d1b3595efac4e36",
      "software_environment": "sandbox",
      "software_mode": "Test",
      "software_id": "9b5usDpbNtmxDcTzs7GzKp",
      "software_client_id": "9b5usDpbNtmxDcTzs7GzKp",
      "software_client_name": "WSO2 Open Banking TPP (Sandbox)",
      "software_client_description": "This TPP Is created for testing purposes. ",
      "software_version": 1.5,
      "software_client_uri": "https://wso2.com",
      "software_redirect_uris": [
        "https://wso2.com"
      ],
      "software_roles": [
        "AISP",
        "PISP"
      ],
      "organisation_competent_authority_claims": {
        "authority_id": "OBGBR",
        "registration_id": "Unknown0015800001HQQrZAAX",
        "status": "Active",
        "authorisations": [
          {
            "member_state": "GB",
            "roles": [
              "AISP",
              "PISP"
            ]
          },
          {
            "member_state": "IE",
            "roles": [
              "AISP",
              "PISP"
            ]
          },
          {
            "member_state": "NL",
            "roles": [
              "AISP",
              "PISP"
            ]
          }
        ]
      },
      "software_logo_uri": "https://wso2.com/wso2.jpg",
      "org_status": "Active",
      "org_id": "0015800001HQQrZAAX",
      "org_name": "WSO2 (UK) LIMITED",
      "org_contacts": [
        {
          "name": "Technical",
          "email": "[email protected]",
          "phone": "+94771231234",
          "type": "Technical"
        },
        {
          "name": "Business",
          "email": "[email protected]",
          "phone": "+94771231235",
          "type": "Business"
        }
      ],
      "org_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/0015800001HQQrZAAX.jwks",
      "org_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/revoked/0015800001HQQrZAAX.jwks",
      "software_jwks_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/9b5usDpbNtmxDcTzs7GzKp.jwks",
      "software_jwks_revoked_endpoint": "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/revoked/9b5usDpbNtmxDcTzs7GzKp.jwks",
      "software_policy_uri": "https://wso2.com",
      "software_tos_uri": "https://wso2.com",
      "software_on_behalf_of_org": "WSO2 Open Banking"
    }
  3. The ASPSP validates the SSA based on the specifications provided in the Open Banking OpenID Dynamic Client (OIDC) Registration specification.
  4. The ASPSP registers the client application using the metadata sent in the SSA.

    • If client creation is successful, the ASPSP responds with a JSON payload that describes the client that was created. The TPP can then use the client to access resources on the ASPSP's resource server. 

    • If client creation is unsuccessful, the ASPSP responds with an error payload.

      A sample response is given below: 

      {
         "client_id":"kbLnJJ_uQL2Ye68uaCRbPIJOR4Ua",
         "client_id_issued_at":1601991722,
         "redirect_uris":[
            "https://wso2.com"
         ],
         "grant_types":[
            "authorization_code",
            "refresh_token"
         ],
         "application_type":"web",
         "id_token_signed_response_alg":"PS256",
         "token_endpoint_auth_signing_alg":"PS256",
         "request_object_signing_alg":"PS256",
         "scope":"accounts payments",
         "software_id":"9b5usDpbNtmxDcTzs7GzKp",
         "client_secret":"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
         "client_secret_expires_at":0,
         "token_endpoint_auth_method":"private_key_jwt",
         "response_types":[
            "code id_token"
         ],
         "software_statement":"eyJhbGciOiJQUzI1NiIsImtpZCI6Ikh6YTl2NWJnREpjT25oY1VaN0JNd2JTTF80TlYwZ1NGdklqYVNYZEMtMWM9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE1OTIzNjQ1NjgsImp0aSI6IjNkMWIzNTk1ZWZhYzRlMzYiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoiOWI1dXNEcGJOdG14RGNUenM3R3pLcCIsInNvZnR3YXJlX2NsaWVudF9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUCAoU2FuZGJveCkiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJUaGlzIFRQUCBJcyBjcmVhdGVkIGZvciB0ZXN0aW5nIHB1cnBvc2VzLiAiLCJzb2Z0d2FyZV92ZXJzaW9uIjoxLjUsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInNvZnR3YXJlX3JvbGVzIjpbIkFJU1AiLCJQSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfSx7Im1lbWJlcl9zdGF0ZSI6IklFIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJOTCIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93c28yLmNvbS93c28yLmpwZyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvOWI1dXNEcGJOdG14RGNUenM3R3pLcC5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzliNXVzRHBiTnRteERjVHpzN0d6S3AuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3NvMi5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.CA14ogdcpNwoHiIJoz6mTxNpM2wRrqiZAcbmK0RnDx2GDN3BHYnZG0Eq6VgyPbPrcRyfWl8jQs2ESsWc5JSBwejHbvpnx7kVByYkG44dhozaPANEZltNj4M912CgHeKPd_d0uID8dIUq8_s2kYMsoCccBqGyFTIymVK01HX_X_-T7npG_ovE8CLgilMFkijy5PiFC83hopxixeQfRgdmHCR_1boksbFDK3RPIEe5PiODvX8vlWB8iUGy7PGzZ0ikXBD0lx9p1AJEyYF3x1pCjsSH8tJC5E5CG0xZLQPPkT3A_SpjiUh5ElNdNcmTPow2LVSxP9QusN4vWpEMUNd9pw"
      }
  5. Generate a Client Credentials grant access token for the application. 

[Back To Top]


Retrieving an application 

The API allows the TPP to retrieve the details for a client that has already been registered. The request relies on Mutual TLS authentication and application access token ( Client Credentials grant  type) for TPP authentication. 

 Click here for a sample application access token
curl -X POST \
  https://localhost:8243/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'ssl.client.auth.cert.X509: MIIFODCCBCCgAwIBAgIEWcVqyzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJH' -k \
  -d 'grant_type=client_credentials&scope=openid%20&client_assertion=eyJraWQiOiJoY2dleHVndVZiNXJZU1lWQnNsLWM5aEJQdlkiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJ1aHo5NWVTaUtrMmxUeld4YzRqckxUWHh3RThhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My90b2tlbiIsImlzcyI6InVoejk1ZVNpS2sybFR6V3hjNGpyTFRYeHdFOGEiLCJleHAiOjE1OTkxODcyMDEsImlhdCI6MTU3MDA3NjUyNiwianRpIjoiMTU1NDE5MjU0MTkifQ.sb-lwJhbtbaPrCvftyNcDLUt3uqtANXdJkbCNG6x7BL57b4cqkxo20BKHn4Cnvd8f00OIfuEQLBKo5BH9bpkt06MVsoZdEhq4YMT_FqUZb_38B-MEmWuaE2n6-ZCa_Jlp8TZ49PRY_q-Zz-y8WkDF2Hy51lulL5exxq0eGfNzGNMHk9_yQeEPte2-IY7NHPNpY0WpPKpYTUHPvDC3u_o5oL7WAcdE5bwqZQ4M5VcQf_QSqVLxrRpFv2FO9FBiU_iTG1S9CgNrYICzlgk9Gg2DhFu75iqcrjpGiEcXjSULKwRT89j--jJMWSCSuJ64OFllao3x56JecxxGdlA0HuaSw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fwso2.com%2F'

The request has one path parameter named ClientId . It specifies the ClientId  of the application that the TPP wants to retrieve details.

  • If the request is successful and the identifier( ClientId ) matches the client to whom the Client Credentials grant access token was issued, the ASPSP returns details of the requested client
  • If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token

Given below is a sample request sent to the retrieving endpoint:

curl -X GET \
  https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
  -H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>'  \
  --cacert certfile \
  --cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH>
{
   "client_id":"kbLnJJ_uQL2Ye68uaCRbPIJOR4Ua",
   "client_id_issued_at":1601991722,
   "redirect_uris":[
      "https://wso2.com"
   ],
   "grant_types":[
      "authorization_code",
      "refresh_token"
   ],
   "application_type":"web",
   "id_token_signed_response_alg":"PS256",
   "token_endpoint_auth_signing_alg":"PS256",
   "request_object_signing_alg":"PS256",
   "scope":"accounts payments",
   "software_id":"9b5usDpbNtmxDcTzs7GzKp",
   "client_secret":"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
   "client_secret_expires_at":0,
   "token_endpoint_auth_method":"private_key_jwt",
   "response_types":[
      "code id_token"
   ],
   "software_statement":"eyJhbGciOiJQUzI1NiIsImtpZCI6Ikh6YTl2NWJnREpjT25oY1VaN0JNd2JTTF80TlYwZ1NGdklqYVNYZEMtMWM9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE1OTIzNjQ1NjgsImp0aSI6IjNkMWIzNTk1ZWZhYzRlMzYiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoiOWI1dXNEcGJOdG14RGNUenM3R3pLcCIsInNvZnR3YXJlX2NsaWVudF9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUCAoU2FuZGJveCkiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJUaGlzIFRQUCBJcyBjcmVhdGVkIGZvciB0ZXN0aW5nIHB1cnBvc2VzLiAiLCJzb2Z0d2FyZV92ZXJzaW9uIjoxLjUsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInNvZnR3YXJlX3JvbGVzIjpbIkFJU1AiLCJQSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfSx7Im1lbWJlcl9zdGF0ZSI6IklFIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJOTCIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93c28yLmNvbS93c28yLmpwZyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvOWI1dXNEcGJOdG14RGNUenM3R3pLcC5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzliNXVzRHBiTnRteERjVHpzN0d6S3AuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3NvMi5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.CA14ogdcpNwoHiIJoz6mTxNpM2wRrqiZAcbmK0RnDx2GDN3BHYnZG0Eq6VgyPbPrcRyfWl8jQs2ESsWc5JSBwejHbvpnx7kVByYkG44dhozaPANEZltNj4M912CgHeKPd_d0uID8dIUq8_s2kYMsoCccBqGyFTIymVK01HX_X_-T7npG_ovE8CLgilMFkijy5PiFC83hopxixeQfRgdmHCR_1boksbFDK3RPIEe5PiODvX8vlWB8iUGy7PGzZ0ikXBD0lx9p1AJEyYF3x1pCjsSH8tJC5E5CG0xZLQPPkT3A_SpjiUh5ElNdNcmTPow2LVSxP9QusN4vWpEMUNd9pw"
}

[Back To Top]


Updating an application

The API allows the TPP to request the ASPSP to modify one or more attributes related to an existing client. The request relies on Mutual TLS authentication and application access token (Client Credentials grant type) for TPP authentication.

 Click here for a sample application access token
curl -X PUT \
  https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
  -H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
  --cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
  -d  eyJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiIsImtpZCI6IkR3TUtkV01tajdQV2ludm9xZlF5WFZ6eVo2USJ9.eyJpc3MiOiI5YjV1c0RwYk50bXhEY1R6czdHektwIiwiaWF0IjoxNjAxOTgyMDQyLCJleHAiOjE2MDcyNTI0NDIsImp0aSI6IjE2MDE5ODIwNDYiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo4MjQzL3Rva2VuIiwic2NvcGUiOiJhY2NvdW50cyBwYXltZW50cyIsInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kIjoicHJpdmF0ZV9rZXlfand0IiwiZ3JhbnRfdHlwZXMiOlsiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sImlkX3Rva2VuX3NpZ25lZF9yZXNwb25zZV9hbGciOiJQUzI1NiIsInJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdfYWxnIjoiUFMyNTYiLCJzb2Z0d2FyZV9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKUVV6STFOaUlzSW10cFpDSTZJa2g2WVRsMk5XSm5SRXBqVDI1b1kxVmFOMEpOZDJKVFRGODBUbFl3WjFOR2RrbHFZVk5ZWkVNdE1XTTlJaXdpZEhsd0lqb2lTbGRVSW4wLmV5SnBjM01pT2lKUGNHVnVRbUZ1YTJsdVp5Qk1kR1FpTENKcFlYUWlPakUxT1RJek5qUTFOamdzSW1wMGFTSTZJak5rTVdJek5UazFaV1poWXpSbE16WWlMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluTmhibVJpYjNnaUxDSnpiMlowZDJGeVpWOXRiMlJsSWpvaVZHVnpkQ0lzSW5OdlpuUjNZWEpsWDJsa0lqb2lPV0kxZFhORWNHSk9kRzE0UkdOVWVuTTNSM3BMY0NJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5cFpDSTZJamxpTlhWelJIQmlUblJ0ZUVSalZIcHpOMGQ2UzNBaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWxkVFR6SWdUM0JsYmlCQ1lXNXJhVzVuSUZSUVVDQW9VMkZ1WkdKdmVDa2lMQ0p6YjJaMGQyRnlaVjlqYkdsbGJuUmZaR1Z6WTNKcGNIUnBiMjRpT2lKVWFHbHpJRlJRVUNCSmN5QmpjbVZoZEdWa0lHWnZjaUIwWlhOMGFXNW5JSEIxY25CdmMyVnpMaUFpTENKemIyWjBkMkZ5WlY5MlpYSnphVzl1SWpveExqVXNJbk52Wm5SM1lYSmxYMk5zYVdWdWRGOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmNtVmthWEpsWTNSZmRYSnBjeUk2V3lKb2RIUndjem92TDNkemJ6SXVZMjl0SWwwc0luTnZablIzWVhKbFgzSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJbDBzSW05eVoyRnVhWE5oZEdsdmJsOWpiMjF3WlhSbGJuUmZZWFYwYUc5eWFYUjVYMk5zWVdsdGN5STZleUpoZFhSb2IzSnBkSGxmYVdRaU9pSlBRa2RDVWlJc0luSmxaMmx6ZEhKaGRHbHZibDlwWkNJNklsVnVhMjV2ZDI0d01ERTFPREF3TURBeFNGRlJjbHBCUVZnaUxDSnpkR0YwZFhNaU9pSkJZM1JwZG1VaUxDSmhkWFJvYjNKcGMyRjBhVzl1Y3lJNlczc2liV1Z0WW1WeVgzTjBZWFJsSWpvaVIwSWlMQ0p5YjJ4bGN5STZXeUpCU1ZOUUlpd2lVRWxUVUNKZGZTeDdJbTFsYldKbGNsOXpkR0YwWlNJNklrbEZJaXdpY205c1pYTWlPbHNpUVVsVFVDSXNJbEJKVTFBaVhYMHNleUp0WlcxaVpYSmZjM1JoZEdVaU9pSk9UQ0lzSW5KdmJHVnpJanBiSWtGSlUxQWlMQ0pRU1ZOUUlsMTlYWDBzSW5OdlpuUjNZWEpsWDJ4dloyOWZkWEpwSWpvaWFIUjBjSE02THk5M2MyOHlMbU52YlM5M2MyOHlMbXB3WnlJc0ltOXlaMTl6ZEdGMGRYTWlPaUpCWTNScGRtVWlMQ0p2Y21kZmFXUWlPaUl3TURFMU9EQXdNREF4U0ZGUmNscEJRVmdpTENKdmNtZGZibUZ0WlNJNklsZFRUeklnS0ZWTEtTQk1TVTFKVkVWRUlpd2liM0puWDJOdmJuUmhZM1J6SWpwYmV5SnVZVzFsSWpvaVZHVmphRzVwWTJGc0lpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWxSbFkyaHVhV05oYkNKOUxIc2libUZ0WlNJNklrSjFjMmx1WlhOeklpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWtKMWMybHVaWE56SW4xZExDSnZjbWRmYW5kcmMxOWxibVJ3YjJsdWRDSTZJbWgwZEhCek9pOHZhMlY1YzNSdmNtVXViM0JsYm1KaGJtdHBibWQwWlhOMExtOXlaeTUxYXk4d01ERTFPREF3TURBeFNGRlJjbHBCUVZndk1EQXhOVGd3TURBd01VaFJVWEphUVVGWUxtcDNhM01pTENKdmNtZGZhbmRyYzE5eVpYWnZhMlZrWDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVozUmxjM1F1YjNKbkxuVnJMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzl5WlhadmEyVmtMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzVxZDJ0eklpd2ljMjltZEhkaGNtVmZhbmRyYzE5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtZDBaWE4wTG05eVp5NTFheTh3TURFMU9EQXdNREF4U0ZGUmNscEJRVmd2T1dJMWRYTkVjR0pPZEcxNFJHTlVlbk0zUjNwTGNDNXFkMnR6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTl5WlhadmEyVmtYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFU0TURBd01ERklVVkZ5V2tGQldDOXlaWFp2YTJWa0x6bGlOWFZ6UkhCaVRuUnRlRVJqVkhwek4wZDZTM0F1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmQzTnZNaTVqYjIwaUxDSnpiMlowZDJGeVpWOXZibDlpWldoaGJHWmZiMlpmYjNKbklqb2lWMU5QTWlCUGNHVnVJRUpoYm10cGJtY2lmUS5DQTE0b2dkY3BOd29IaUlKb3o2bVR4TnBNMndScnFpWkFjYm1LMFJuRHgyR0ROM0JIWW5aRzBFcTZWZ3lQYlByY1J5ZldsOGpRczJFU3NXYzVKU0J3ZWpIYnZwbng3a1ZCeVlrRzQ0ZGhvemFQQU5FWmx0Tmo0TTkxMkNnSGVLUGRfZDB1SUQ4ZElVcThfczJrWU1zb0NjY0JxR3lGVEl5bVZLMDFIWF9YXy1UN25wR19vdkU4Q0xnaWxNRmtpank1UGlGQzgzaG9weGl4ZVFmUmdkbUhDUl8xYm9rc2JGREszUlBJRWU1UGlPRHZYOHZsV0I4aVVHeTdQR3paMGlrWEJEMGx4OXAxQUpFeVlGM3gxcENqc1NIOHRKQzVFNUNHMHhaTFFQUGtUM0FfU3BqaVVoNUVsTmROY21UUG93MkxWU3hQOVF1c040dldwRU1VTmQ5cHcifQ.kq8UsDUcb6Ee55w4U4JhiifyUB0sSiTAnobLV1bwujfS2msdUfxDHqVjyrvx4NvPd54sXg3_k1EIRHLT4vT-zUkojqtWiB_v2ndo5UqvPUrIFoqY0IQznKBfD6cLlGQ0laYqxm_GJWAEdEv_O8Ggw_z1DMiZZRHF9Oln9zZtT95JcGeJ8JCQVDkaX_AM-fZrVaixfD4iBfy-n4H6LHCy94c1DrCM9wEGr7XfHLAVNdZe2Qbyjf1sVEPukK_ccw4AYcWUo3UJQ2WIKxZL4fBmb_3Z0ez9k31k6in86Hg4tHO9itXSVJvvzn8oAaYXXQrxfk4N1CojV3zk1bkhy6In3Q

The request has one path parameter named ClientId . It specifies the ClientId of the application that the TPP wants to modify. The TPP submits a JWS payload that describes the characteristics of the client to be modified. This must include all the claims, including the ones that will not be modified.

  • If the client is successfully modified, the ASPSP responds with a JSON payload that describes the client that was created.
  • If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token.

  • If client modification is unsuccessful, the ASPSP responds with an error payload.

curl -X PUT \
  https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
  -H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
  --cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH> \
  --cacert certfile \
  -d  eyJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiIsImtpZCI6IkR3TUtkV01tajdQV2ludm9xZlF5WFZ6eVo2USJ9.eyJpc3MiOiI5YjV1c0RwYk50bXhEY1R6czdHektwIiwiaWF0IjoxNjAxOTgyMDQyLCJleHAiOjE2MDcyNTI0NDIsImp0aSI6IjE2MDE5ODIwNDYiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo4MjQzL3Rva2VuIiwic2NvcGUiOiJhY2NvdW50cyBwYXltZW50cyIsInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kIjoicHJpdmF0ZV9rZXlfand0IiwiZ3JhbnRfdHlwZXMiOlsiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sImlkX3Rva2VuX3NpZ25lZF9yZXNwb25zZV9hbGciOiJQUzI1NiIsInJlcXVlc3Rfb2JqZWN0X3NpZ25pbmdfYWxnIjoiUFMyNTYiLCJzb2Z0d2FyZV9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKUVV6STFOaUlzSW10cFpDSTZJa2g2WVRsMk5XSm5SRXBqVDI1b1kxVmFOMEpOZDJKVFRGODBUbFl3WjFOR2RrbHFZVk5ZWkVNdE1XTTlJaXdpZEhsd0lqb2lTbGRVSW4wLmV5SnBjM01pT2lKUGNHVnVRbUZ1YTJsdVp5Qk1kR1FpTENKcFlYUWlPakUxT1RJek5qUTFOamdzSW1wMGFTSTZJak5rTVdJek5UazFaV1poWXpSbE16WWlMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluTmhibVJpYjNnaUxDSnpiMlowZDJGeVpWOXRiMlJsSWpvaVZHVnpkQ0lzSW5OdlpuUjNZWEpsWDJsa0lqb2lPV0kxZFhORWNHSk9kRzE0UkdOVWVuTTNSM3BMY0NJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5cFpDSTZJamxpTlhWelJIQmlUblJ0ZUVSalZIcHpOMGQ2UzNBaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWxkVFR6SWdUM0JsYmlCQ1lXNXJhVzVuSUZSUVVDQW9VMkZ1WkdKdmVDa2lMQ0p6YjJaMGQyRnlaVjlqYkdsbGJuUmZaR1Z6WTNKcGNIUnBiMjRpT2lKVWFHbHpJRlJRVUNCSmN5QmpjbVZoZEdWa0lHWnZjaUIwWlhOMGFXNW5JSEIxY25CdmMyVnpMaUFpTENKemIyWjBkMkZ5WlY5MlpYSnphVzl1SWpveExqVXNJbk52Wm5SM1lYSmxYMk5zYVdWdWRGOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmNtVmthWEpsWTNSZmRYSnBjeUk2V3lKb2RIUndjem92TDNkemJ6SXVZMjl0SWwwc0luTnZablIzWVhKbFgzSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJbDBzSW05eVoyRnVhWE5oZEdsdmJsOWpiMjF3WlhSbGJuUmZZWFYwYUc5eWFYUjVYMk5zWVdsdGN5STZleUpoZFhSb2IzSnBkSGxmYVdRaU9pSlBRa2RDVWlJc0luSmxaMmx6ZEhKaGRHbHZibDlwWkNJNklsVnVhMjV2ZDI0d01ERTFPREF3TURBeFNGRlJjbHBCUVZnaUxDSnpkR0YwZFhNaU9pSkJZM1JwZG1VaUxDSmhkWFJvYjNKcGMyRjBhVzl1Y3lJNlczc2liV1Z0WW1WeVgzTjBZWFJsSWpvaVIwSWlMQ0p5YjJ4bGN5STZXeUpCU1ZOUUlpd2lVRWxUVUNKZGZTeDdJbTFsYldKbGNsOXpkR0YwWlNJNklrbEZJaXdpY205c1pYTWlPbHNpUVVsVFVDSXNJbEJKVTFBaVhYMHNleUp0WlcxaVpYSmZjM1JoZEdVaU9pSk9UQ0lzSW5KdmJHVnpJanBiSWtGSlUxQWlMQ0pRU1ZOUUlsMTlYWDBzSW5OdlpuUjNZWEpsWDJ4dloyOWZkWEpwSWpvaWFIUjBjSE02THk5M2MyOHlMbU52YlM5M2MyOHlMbXB3WnlJc0ltOXlaMTl6ZEdGMGRYTWlPaUpCWTNScGRtVWlMQ0p2Y21kZmFXUWlPaUl3TURFMU9EQXdNREF4U0ZGUmNscEJRVmdpTENKdmNtZGZibUZ0WlNJNklsZFRUeklnS0ZWTEtTQk1TVTFKVkVWRUlpd2liM0puWDJOdmJuUmhZM1J6SWpwYmV5SnVZVzFsSWpvaVZHVmphRzVwWTJGc0lpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWxSbFkyaHVhV05oYkNKOUxIc2libUZ0WlNJNklrSjFjMmx1WlhOeklpd2laVzFoYVd3aU9pSnpZV05vYVc1cGMwQjNjMjh5TG1OdmJTSXNJbkJvYjI1bElqb2lLemswTnpjME1qYzBNemMwSWl3aWRIbHdaU0k2SWtKMWMybHVaWE56SW4xZExDSnZjbWRmYW5kcmMxOWxibVJ3YjJsdWRDSTZJbWgwZEhCek9pOHZhMlY1YzNSdmNtVXViM0JsYm1KaGJtdHBibWQwWlhOMExtOXlaeTUxYXk4d01ERTFPREF3TURBeFNGRlJjbHBCUVZndk1EQXhOVGd3TURBd01VaFJVWEphUVVGWUxtcDNhM01pTENKdmNtZGZhbmRyYzE5eVpYWnZhMlZrWDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVozUmxjM1F1YjNKbkxuVnJMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzl5WlhadmEyVmtMekF3TVRVNE1EQXdNREZJVVZGeVdrRkJXQzVxZDJ0eklpd2ljMjltZEhkaGNtVmZhbmRyYzE5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtZDBaWE4wTG05eVp5NTFheTh3TURFMU9EQXdNREF4U0ZGUmNscEJRVmd2T1dJMWRYTkVjR0pPZEcxNFJHTlVlbk0zUjNwTGNDNXFkMnR6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTl5WlhadmEyVmtYMlZ1WkhCdmFXNTBJam9pYUhSMGNITTZMeTlyWlhsemRHOXlaUzV2Y0dWdVltRnVhMmx1WjNSbGMzUXViM0puTG5Wckx6QXdNVFU0TURBd01ERklVVkZ5V2tGQldDOXlaWFp2YTJWa0x6bGlOWFZ6UkhCaVRuUnRlRVJqVkhwek4wZDZTM0F1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDNkemJ6SXVZMjl0SWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmQzTnZNaTVqYjIwaUxDSnpiMlowZDJGeVpWOXZibDlpWldoaGJHWmZiMlpmYjNKbklqb2lWMU5QTWlCUGNHVnVJRUpoYm10cGJtY2lmUS5DQTE0b2dkY3BOd29IaUlKb3o2bVR4TnBNMndScnFpWkFjYm1LMFJuRHgyR0ROM0JIWW5aRzBFcTZWZ3lQYlByY1J5ZldsOGpRczJFU3NXYzVKU0J3ZWpIYnZwbng3a1ZCeVlrRzQ0ZGhvemFQQU5FWmx0Tmo0TTkxMkNnSGVLUGRfZDB1SUQ4ZElVcThfczJrWU1zb0NjY0JxR3lGVEl5bVZLMDFIWF9YXy1UN25wR19vdkU4Q0xnaWxNRmtpank1UGlGQzgzaG9weGl4ZVFmUmdkbUhDUl8xYm9rc2JGREszUlBJRWU1UGlPRHZYOHZsV0I4aVVHeTdQR3paMGlrWEJEMGx4OXAxQUpFeVlGM3gxcENqc1NIOHRKQzVFNUNHMHhaTFFQUGtUM0FfU3BqaVVoNUVsTmROY21UUG93MkxWU3hQOVF1c040dldwRU1VTmQ5cHcifQ.kq8UsDUcb6Ee55w4U4JhiifyUB0sSiTAnobLV1bwujfS2msdUfxDHqVjyrvx4NvPd54sXg3_k1EIRHLT4vT-zUkojqtWiB_v2ndo5UqvPUrIFoqY0IQznKBfD6cLlGQ0laYqxm_GJWAEdEv_O8Ggw_z1DMiZZRHF9Oln9zZtT95JcGeJ8JCQVDkaX_AM-fZrVaixfD4iBfy-n4H6LHCy94c1DrCM9wEGr7XfHLAVNdZe2Qbyjf1sVEPukK_ccw4AYcWUo3UJQ2WIKxZL4fBmb_3Z0ez9k31k6in86Hg4tHO9itXSVJvvzn8oAaYXXQrxfk4N1CojV3zk1bkhy6In3Q
{
   "client_id":"kbLnJJ_uQL2Ye68uaCRbPIJOR4Ua",
   "client_id_issued_at":1601991722,
   "redirect_uris":[
      "https://wso2.com"
   ],
   "grant_types":[
      "authorization_code",
      "refresh_token"
   ],
   "application_type":"web",
   "id_token_signed_response_alg":"PS256",
   "token_endpoint_auth_signing_alg":"PS256",
   "request_object_signing_alg":"PS256",
   "scope":"accounts payments",
   "software_id":"9b5usDpbNtmxDcTzs7GzKp",
   "client_secret":"4nvgJQ0eSffFTtlLrfp0DqIfoLsa",
   "client_secret_expires_at":0,
   "token_endpoint_auth_method":"private_key_jwt",
   "response_types":[
      "code id_token"
   ],
   "software_statement":"eyJhbGciOiJQUzI1NiIsImtpZCI6Ikh6YTl2NWJnREpjT25oY1VaN0JNd2JTTF80TlYwZ1NGdklqYVNYZEMtMWM9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE1OTIzNjQ1NjgsImp0aSI6IjNkMWIzNTk1ZWZhYzRlMzYiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoiOWI1dXNEcGJOdG14RGNUenM3R3pLcCIsInNvZnR3YXJlX2NsaWVudF9pZCI6IjliNXVzRHBiTnRteERjVHpzN0d6S3AiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUCAoU2FuZGJveCkiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJUaGlzIFRQUCBJcyBjcmVhdGVkIGZvciB0ZXN0aW5nIHB1cnBvc2VzLiAiLCJzb2Z0d2FyZV92ZXJzaW9uIjoxLjUsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3dzbzIuY29tIl0sInNvZnR3YXJlX3JvbGVzIjpbIkFJU1AiLCJQSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJBSVNQIiwiUElTUCJdfSx7Im1lbWJlcl9zdGF0ZSI6IklFIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJOTCIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93c28yLmNvbS93c28yLmpwZyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvOWI1dXNEcGJOdG14RGNUenM3R3pLcC5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzliNXVzRHBiTnRteERjVHpzN0d6S3AuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3dzbzIuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3NvMi5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.CA14ogdcpNwoHiIJoz6mTxNpM2wRrqiZAcbmK0RnDx2GDN3BHYnZG0Eq6VgyPbPrcRyfWl8jQs2ESsWc5JSBwejHbvpnx7kVByYkG44dhozaPANEZltNj4M912CgHeKPd_d0uID8dIUq8_s2kYMsoCccBqGyFTIymVK01HX_X_-T7npG_ovE8CLgilMFkijy5PiFC83hopxixeQfRgdmHCR_1boksbFDK3RPIEe5PiODvX8vlWB8iUGy7PGzZ0ikXBD0lx9p1AJEyYF3x1pCjsSH8tJC5E5CG0xZLQPPkT3A_SpjiUh5ElNdNcmTPow2LVSxP9QusN4vWpEMUNd9pw"
}

[Back To Top]


Deleting an application

The API allows the TPP to request the ASPSP to delete an existing client. The request relies on Mutual TLS authentication and application access token (Client Credentials grant type) for TPP authentication.

 Click here for a sample application access token
curl -X POST \
  https://localhost:8243/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'ssl.client.auth.cert.X509: MIIFODCCBCCgAwIBAgIEWcVqyzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJH' -k \
  -d 'grant_type=client_credentials&scope=openid%20&client_assertion=eyJraWQiOiJoY2dleHVndVZiNXJZU1lWQnNsLWM5aEJQdlkiLCJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJ1aHo5NWVTaUtrMmxUeld4YzRqckxUWHh3RThhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODI0My90b2tlbiIsImlzcyI6InVoejk1ZVNpS2sybFR6V3hjNGpyTFRYeHdFOGEiLCJleHAiOjE1OTkxODcyMDEsImlhdCI6MTU3MDA3NjUyNiwianRpIjoiMTU1NDE5MjU0MTkifQ.sb-lwJhbtbaPrCvftyNcDLUt3uqtANXdJkbCNG6x7BL57b4cqkxo20BKHn4Cnvd8f00OIfuEQLBKo5BH9bpkt06MVsoZdEhq4YMT_FqUZb_38B-MEmWuaE2n6-ZCa_Jlp8TZ49PRY_q-Zz-y8WkDF2Hy51lulL5exxq0eGfNzGNMHk9_yQeEPte2-IY7NHPNpY0WpPKpYTUHPvDC3u_o5oL7WAcdE5bwqZQ4M5VcQf_QSqVLxrRpFv2FO9FBiU_iTG1S9CgNrYICzlgk9Gg2DhFu75iqcrjpGiEcXjSULKwRT89j--jJMWSCSuJ64OFllao3x56JecxxGdlA0HuaSw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fwso2.com%2F'

The request has one path parameter named ClientId . It specifies the ClientId of the application that the TPP wants to delete.

  • If the request is successful and the ClientId  matches the client to whom the Client Credentials grant access token was issued, the ASPSP must delete the client and invalidate long lived access tokens that were issued to the client
  • If the ClientId is unknown, the ASPSP responds with an Unauthorized status code and immediately revokes the access token

You can find a sample request sent to the retrieving endpoint below. 

curl -X DELETE \
  https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.2/register/<CLIENT_ID> \
  -H 'Authorization: Bearer <APPLICATION_ACCESS_TOKEN>' \
 --cacert certfile \
 --cert <TRANSPORT_PUBLIC_KEY_FILE_PATH> --key <TRANSPORT_PRIVATE_KEY_FILE_PATH>
204 No Content

If the deletion is successful you will get a 204 No Content response.

[Back To Top]





  • No labels