...
Change to Production:
Improvement | Delivery date | Client Registration support for private_key_jwt: TPPs will need to register specifying private_key_jwt as the token_endpoint_auth_method (as shown through our Open ID Configuration.) Note: Clients already registered with client_secret_post and client_secret_basic will be able to continue requesting tokens with their respective method. The intention is that the TPPs currently using client_secret_basic and client_secret_post will be asked to update clients to use private_key_jwt in the future. |
---|---|---|
Summary: We will refresh the expiry of Refresh tokens so long as Access Tokens are refreshed within a 90-day period. Solution
TPP Changes
|
|
On-boarding
Supports dynamic client registration (Y/N) | Y |
---|---|
Instructions for manual onboarding | N/A |
OIDC .well-known endpoint | https://integrations.capitalone.co.uk/.well-known/openid-configuration |
Notes on testing | TPPs must be registered with the Open Banking Directory |
Other on-boarding notes |
|
Documentation URL | https://developer.capitalone.co.uk/api/open-banking/index.html |
Account Information API
Note to ASPSP: Please add a column per brand if relevant
Swagger version | v3 |
---|---|
Base URI | https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp |
General variances to specification | Time format - our interface supports the following data time format 2011-12-03T10:15:30 |
Non-functional limitations | Pagination is not supportedRe-authentication - Customers must re-confirm consent to share their data at least every 90 days. This can be completed by using the existing intent ID in a request to the /authorize endpoint (as per the OBIE specifications). API Call Limits - Our interface implements rate-limiting on TPP data requests where the Customer is not present (as indicated by x-fapi-customer-ip-address header) where reached a 429 response will be returned. |
...