We have created a sandbox environment that behaves like the APIs of a live bank. We offer all the APIs that are listed in the catalogue and data of two sample banks. Here is some key sample data that you can use in your app.
The sandbox is preloaded with two banks, along with their customers and accounts.
Note: Customer numbers are marked in blue. These customer numbers are not configured with registered mobile numbers. So the OTP entered during the consent flow can be any random number. During a real flow the OTP is sent to the registered mobile number only and the mobile number is confidential and known only to the bank.
Trying the APIs
Each API can be tried using the API explorer. You can use the sample data mentioned above to try and test the APIs. To try an API, click on it in the menu. You will see a tab that says "Try it." This section describes the API and lets you make API calls.
Authentication and consent
To enable live interaction with APIs in the sandbox, we've provided an implementation of the authentication and consent app. APIs such as account information or payment transfer require explicit end-user consent. Follow these steps to authorize before you can fire the APIs.
Note: Authorization calls require a client ID. In this case, however, we have preconfigured the flow with a client ID, so the consent app flow is demonstrated without using a client ID.
Step 1) Initiate authorization
Each API is provided with a section under API explorer where you can run the API and see the results. When an API is configured to have authorization completed (i.e. to present an access token), you will see a button titled "OAuth 2.0 Set." Clicking on this button will start the OAuth flow and consent app flow.
Step 2) Get client credentials access token
To get a client credentials access token, select the 'accounts' scope (for submitting an account request) or the 'payments' scope (for submitting a payment request).
Step 3) Create account request / payment request
Once the access token is received, you need to create an account request with the account permissions required, or a payment request with a unique idempotency key.
Step 4) Create account request / payment request
Once the account/payment request is created, you get back an AccountRequestId/PaymentId, and a 'request' query parameter is created, which is a JWT containing the account/payment request submitted.
Step 5) Enter credentials
Enter the customer number and password on the Log in page.
Step 6) Give consent
At this point, all account IDs that this customer owns with the bank will be presented. You will need to select the account(s). Consent will be given only for account access or payment.
Step 7) Enter the OTP
Enter the OTP (any random number).
After the completion of this flow you will see the button "OAuth 2.0 Set" turn into "OAuth 2.0 Authenticated." This means the API explorer has the access token that it will present when you fire the APIs. To remove the authentication click on the "x" on this button.
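An added example, not part of the sandbox's own documentation or code: a Python check that the 'request' JWT from Step 4 carries the same AccountRequestId/PaymentId that the create call returned, and that it is not an unsigned (`alg: none`) token. The URL, host, claim layout and ID values are constructed assumptions, and the signature itself is not verified here because the page does not give a signing key.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

ID_KEYS = ("AccountRequestId", "PaymentId")  # field names used on this page

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_request_jwt(consent_url):
    """Return (header, payload) of the 'request' JWT. No signature check."""
    values = parse_qs(urlparse(consent_url).query).get("request")
    if not values:
        raise ValueError("no 'request' query parameter in URL")
    parts = values[0].split(".")
    if len(parts) != 3:
        raise ValueError("'request' is not a three-part compact JWT")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload

def find_request_id(node):
    """Depth-first search for the first AccountRequestId/PaymentId value."""
    if isinstance(node, dict):
        for key in ID_KEYS:
            if key in node:
                return node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_request_id(child)
        if found is not None:
            return found
    return None

def matches_created_request(consent_url, expected_id):
    """True only if the JWT is signed and embeds the ID the API returned."""
    header, payload = decode_request_jwt(consent_url)
    if str(header.get("alg", "none")).lower() == "none":
        return False  # unsigned request object: do not trust its contents
    return find_request_id(payload) == expected_id

def build_sample_url(header, payload):
    """Constructed sample only: placeholder host and a dummy signature."""
    segs = [base64.urlsafe_b64encode(json.dumps(x).encode()).rstrip(b"=").decode()
            for x in (header, payload)]
    return "https://sandbox.example/consent?request=" + ".".join(segs + ["c2ln"])
```

Call `matches_created_request(url, id_from_step_4)` on the consent URL before opening it; the nested search means the check does not depend on where in the payload the ID sits.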