Unable to get client tokens for Nationwide

Description

Hi,

It appears that Nationwide is rejecting all our requests to get new client credential tokens (using https://api.nationwide.co.uk/open-banking/oauth/token), since approximately 01:22 05/11/2019 UTC. Requests are rejected with a HTTP 400 response and a body of '{"error" : "invalid_request" , "error_description" : "Invalid header: x-subject. CN and OU must match softwareId and orgId"}'.

It appears that you now require a 'x-subject' header, however I see no reference to the header in the OB spec, OAuth spec or the Nationwide developer site.

Thanks,
Michael

Technical Impact

Requests to the token endpoint fail with a HTTP 400 response.

Workaround

None

Resolution Notes

None

Impact Assessment

Unable to make any payments through the API.

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-11937

ASPSP

Query Type

None

Created (Original)

Nov 05, 2019, 6:38 AM

TPP Impact

None

OB Environment

None

Business Impact Severity

Level 1

Share

Yes
Configure