Home

Welcome to the OBP-API wiki!

• REST API V2.0.0 STABLE

• REST API V2.1.0 DRAFT

• REST API V3.0.0 STABLE

• REST API V4.0.0 BLEEDING-EDGE

• Sandbox

• Overview diagram of OBP Architecture

• Authentication

• Security links

• Licences / Legal

Application registration

OBP protected resources use OAuth. You can use one of our sandboxes (register here) to test. You will get a consumer key and consumer secret for the calls requiring OAuth authentication.

OAuth

The best way to get started with OBP and OAuth is probably to fork one of our Starter SDKs. They take care of the basic OAuth flow.

Direct Login / JWT

For hackathons and highly trusted applicaitons we offer a "direct login" using JWT. See this direct login documentation page or the SDK page for a code example

We're sometimes asked about OAuth 1 and 2. So far we stick with OAuth 1.0a because it's stable (RFC) is used by the likes of Twitter and Mastercard and according to the lead author of OAuth is more secure than OAuth2. For more info, see OAuth 2 and the road to hell or this stack overflow article

Customer Logins

For the general sandbox see: https://github.com/OpenBankProject/OBP-API/wiki/Sandbox#example-customer-logins