Version | 1.0 |
---|---|
Publication Date |
|
Classification | Public |
1. Introduction
The API Hub Sandbox contains one or more ‘Model LFIs’, where each Model LFI has:
A fully functioning set of API resources (e.g. Authorization Server, Resource Server, etc) aligned to the published Standards which will behave exactly the same as an LFI’s production APIs in the API Hub.
Synthetic sample data for a number of fictitious Users (e.g. user names and passwords, accounts, transactions, etc).
This API Hub Sandbox therefore acts as a testing environment for TPPs, so that they can a) test their applications prior to being licensed and/or without accessing any real customer accounts and b) demonstrate their conformance to the Open Finance Standards as set out in the Certification Framework.
The API Hub Sandbox also acts as a reference implementation for LFIs so that they can compare their own API integration with the API Hub, thereby speeding up such integration activity.
2. Pre-Requisites
Developers must firstly make themselves familiar with all aspects of the Standards.
In order to access the API Hub Sandbox, developers must be on-boarded onto the Open Finance Trust Framework (OFTF) Sandbox and have the ability to create Applications under the OFTF Sandbox.
Once onboarded, this allows developers to create the following artefacts within the OFTF Sandbox in order to simulate a TPP application:
Client ID
Client Transport Certificate
Signing Key
Signing Key ID (KID)
Detailed information about how to create the OFTF artefacts is covered in the Trust Framework User Documentation.
3. Setting up Postman
The API Hub Sandbox does not in itself have a GUI.
While developers can connect their own TPP applications directly to the API Hub Sandbox (because it behaves exactly the same as an LFI’s production endpoints in the API Hub), the starting point is to use Postman to connect and test out all of the APIs.
Once downloaded and installed on a developer’s PC, the following instructions should be followed to setup Postman.
Download the latest Postman Collection (see section 4 below)
Download the latest Postman Environment File (see section 4 below)
Import the Postman Collection and Environment File into Postman
Configure the OFTF Transport Certificates in Postman
Go to
Settings > Certificates > Add Certificate
Enter the Host URL as below (please note this example is for Al Tareq Model LFI 1, and over time we may create additional Model LFIs)
Import the Transport Certificate (CRT file) from the OFTF Sandbox, see section 2 above
Import your Transport Key (KEY file) the Private Key which will have stored locally
Set the following general Postman settings
Go to
Settings > General
Set
SSL certificate verification: OFF
Set
Automatically follow redirects: ON
Load the altareq-sandbox environment file, which contains the server host definitions. Make sure you use the correct (latest) evironment.
Edit the altareq-sandbox environment to add the
_clientId
,kid_local
, andpem_local
as follows:_clientId
- the Client ID of your application from the OFTF SandboxInsert the
Client ID
value from the OFTF Sandbox into the Postman_clientid
variable of the altareq-sandbox environmentkid_local
- the Key Id (KID) of theOFP UAE CLIENT SIGNING
certificate created for your application from the OFTF SandboxThe KID is then inserted into the
kid_local
field of the altaraq-sandbox environmentpem_local
- the Private Key of your Signing Certificate.
This is the OFTF Signing Certificate Private Key that you created when you created the Signing Certificate CSR.
The Signing Ley needs to be represented as a single line to be included in the Postman environment.
To acheive this in MacOS and Linux, the tr (translate) command can be used as follows, which removes the newline characters.tr -d '\n' < 98863a9e-ae4f-4593-a894-714cbbc91ffb-opf_uae_client_signing.key > single-line-opf_uae_client_signing.key
The single line Client Key can then be copied and pasted from the file into the postman environment as the pem-local
variable:
4. Latest Postman Files
The latest Postman files can be downloaded here
Postman Collection
Environment File
The above Postman Collection currently supports the following API endpoints:
Bank Data Sharing
GET/account-access-consents
GET/account-access-consents/{ConsentId}
PATCH/account-access-consents/{ConsentId}
GET/accounts
GET/accounts/{AccountId}
GET/accounts/{AccountId}/balances
GET/accounts/{AccountId}/beneficiaries
GET/accounts/{AccountId}/direct-debits
GET/accounts/{AccountId}/product
GET/accounts/{AccountId}/scheduled-payments
GET/accounts/{AccountId}/standing-orders
GET/accounts/{AccountId}/transactions
GET/accounts/{AccountId}/parties
GET/parties
Bank Service Initiation (Single Instant Payment)
GET/payment-consents
GET/payment-consents/{ConsentId}
PATCH/payment-consents/{ConsentId}
POST/payments
GET/payments
GET/payments/{PaymentId}
Bank Service Initiation (Single Future Dated Payment)
GET/payment-consents
GET/payment-consents/{ConsentId}
PATCH/payment-consents/{ConsentId}
POST/payments
GET/payments
GET/payments/{PaymentId}
Insurance Data
GET/insurance-consents
GET/insurance-consents/{ConsentId}
PATCH/insurance-consents/{ConsentId}
Please note, the above Postman Collection will be updated from time to time to include additional API endpoints as/when these are updated in the API Standards.
5. Using the Postman Collection
Once your Postman Environment has been updated, you’re ready to run the Postman Collection against the API Hub Sandbox.
The Postman Collection contains a number of steps in order, which will walk you through each of the API flows in the API Standards.
The Authorization Flow currently supports a single test User (username: mits, password: mits)
Please note, we will shortly be adding some videos to this section, which will explain each step in more detail.