1. Introduction

The API Hub Sandbox contains one or more ‘Model LFIs’, where each Model LFI has:

1. A fully functioning set of API resources (e.g. Authorization Server, Resource Server, etc) aligned to the published Standards which will behave exactly the same as an LFI’s production APIs in the API Hub.

2. Synthetic sample data for a number of fictitious Users (e.g. user names and passwords, accounts, transactions, etc).

This API Hub Sandbox therefore acts as a testing environment for TPPs, so that they can a) test their applications prior to being licensed and/or without accessing any real customer accounts and b) demonstrate their conformance to the Open Finance Standards as set out in the Testing and Certification Framework.

The API Hub Sandbox also acts as a reference implementation for LFIs so that they can compare their own API integration with the API Hub, thereby speeding up such integration activity.

2. Pre-Requisites

Developers must firstly make themselves familiar with all aspects of the Standards.

In order to access the API Hub Sandbox, the LFI or TPP must nominate and onboard a Primary Business (PBC) and Primary Technical (PTC) contacts to the Open Finance Trust Framework (OFTF) Sandbox. Once onboarded, this allows the PTC to create the following artefacts within the OFTF Sandbox in order to simulate a TPP application:

1. Application

2. Application Transport Key & Certificate

3. Application Signing Key & Certificate

Detailed information about how to create the Application and Certificates is covered in the https://openfinanceuae.atlassian.net/wiki/spaces/TFDocsv4

3. Accessing the API Hub Sandbox

The API Hub Sandbox is typically accessed by a TPP using their own client application.

The API Hub Sandbox is being continually updated to support more API sets and functionality. Please use the latest version from the list below.

4. Using Postman

4.1 Introduction

The API Hub Sandbox does not in itself have a GUI. While developers can connect their own TPP applications directly to the API Hub Sandbox (because it behaves exactly the same as an LFI’s production endpoints in the API Hub), the starting point is to use Postman to connect and test out all of the APIs.

4.2 Setting up Postman

1. Download and install https://www.postman.com/

2. Download the Postman Collection from the latest version of the API Hub Sandbox (see https://openfinanceuae.atlassian.net/wiki/spaces/Internal/pages/251953153/API+Hub+Sandbox+User+Guide#3.-Accessing-the-API-Hub-Sandbox)

3. Request a Postman Environment file:

   1. Once your TPP client is successfully registered, please raise a ticket on the Nebras Service Desk requesting your Postman Environment file. Please include your TPP Name and Client Id when raising the ticket.

   2. We will then respond on the ticket to send you a pre-configured Postman Environment file

4. Import the Postman Collection and Environment File into Postman
   

   

5. Configure the OFTF Transport Certificates in Postman

   1. Go to Settings > Certificates > Add Certificate

   2. Enter the Host URL as below (please note this example is for Al Tareq Model LFI 1, and over time we may create additional Model LFIs)

   3. Import the Transport Certificate (CRT file) from the OFTF Sandbox, see section 2 above

   4. Import your Transport Key (KEY file) the Private Key which will have stored locally

      

6. Set the following general Postman settings

   1. Go to Settings > General

   2. Set SSL certificate verification: OFF

   3. Set Automatically follow redirects: ON

      

      

7. Select the required environment file, which contains the server host definitions. Make sure you use the correct (latest) environment.

   

8. Edit your environment to add the _clientId, kid_local, and pem_local as follows:

   1. _clientId - the Client ID of your application from the OFTF Sandbox

      

      Insert the Client ID value from the OFTF Sandbox into the Postman _clientid variable of your environment

      

   2. kid_local - the Key Id (KID) of the OFP UAE CLIENT SIGNING certificate created for your application from the OFTF Sandbox

      

      The KID is then inserted into the kid_local field of the altaraq-sandbox environment

      

   3. pem_local - the Private Key of your Signing Certificate.
      This is the OFTF Signing Certificate Private Key that you created when you created the Signing Certificate CSR.
      The Signing Ley needs to be represented as a single line to be included in the Postman environment.
      To acheive this in MacOS and Linux, the tr (translate) command can be used as follows, which removes the newline characters.

      tr -d '\n' <  98863a9e-ae4f-4593-a894-714cbbc91ffb-opf_uae_client_signing.key >  single-line-opf_uae_client_signing.key

The single line Client Key can then be copied and pasted from the file into the postman environment as the pem-local variable:

4.3 Using the Postman Collection

Once your Postman Environment has been updated, you’re ready to run the Postman Collection against the API Hub Sandbox.

The Postman Collection contains a number of steps in order, which will walk you through each of the API flows in the API Standards.

The Authorization Flow currently supports a single test User (username: mits, password: mits)

"AccountId": "100004000000000000000002"
"SchemeName": "AccountNumber"
"Identification": "10000109010102"
"AccountType": "Corporate"
"Name": "Luigi International"

"AccountId": "100004000000000000000003"
"SchemeName": "AccountNumber"
"Identification": "10000109010103"
"AccountType": "Retail"
"Name": "Mario International"

"AccountId": "100004000000000000000005"
"SchemeName": "IBAN"
"Identification": "10000109010105"
"AccountType": "Retail"
"Name": "Spectrum"