Versions Compared

Old Version 6

changes.mady.by.user Peter Brown

Saved on

compared with

New Version 7

changes.mady.by.user Edward Lisley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Page Properties
idSummary


ASPSPCapital One (Europe)
BrandCapital One
Date
Developer portal (s)https://open-banking-developer.capitalone.co.uk/apis



Announcements:

Improvement

Delivery date

Our Developer Portal has moved to https://open-banking-developer.capitalone.co.uk/. The old link (https://developer.capitalone.co.uk/apis) will re-direct to this page for the time being.

 


Change to Production:

Improvement

Delivery date

Summary: We will refresh the expiry of Refresh tokens so long as Access Tokens are refreshed within a 90-day period.

Solution

  • Capital One UK already issues refresh tokens alongside access tokens, in response to requests from TPPs.
  • Going forward, whenever a TPP makes a request to us using an access token and refresh token that we have issued them, we’ll issue brand new refresh tokens with each response to a TPP.
  • The new refresh tokens will be issued with a validity period of 90 days from the date of issue. Once a new token is issued, the previously issued token will be invalidated.
  • During this 90 day validity period, the TPP can then get another refresh token for another 90 days - and so on.
  • This allows perpetual access, so long as the TPP fetches a new refresh token within the 90 day window.

TPP Changes

  • As a TPP integrating with Capital One UK, you should ensure that you are always capturing and storing the refresh_token from each request, rather than only capturing the initial refresh_token on a first time request for a given customer. This is in line with the Oauth standard recommendation. Only the most recent refresh token will ever be valid.
  • You should also ensure that you have fallback mechanisms in place to ensure that you fetch a new refresh token within the 90 day validity period, for as long as the customer has granted you consent.

 

...

Supports dynamic client registration (Y/N)Y
Instructions for manual onboardingN/A
OIDC .well-known endpoint

https://integrations.capitalone.co.uk/.well-known/openid-configuration

Notes on testingTPPs must be registered with the Open Banking Directory
Other on-boarding notes
  • There is currently no support for Client Management
  • SSA must be issued by Open Banking
  • redirect_uris MUST match or be a subset of the software_redirect_uris claim in the SSA
  • See well-known endpoint for supported configurations
  • When onboarding if any challenges arise please contact ukdevelopersupport@capitalone.com

  • private_key_jwt must be specified as the the token_endpoint_auth_method
Documentation URL


https://open-banking-developer.capitalone.co.uk/api/open-banking/index.html


Account Information API

Note to ASPSP: Please add a column per brand if relevant

...