1) Open access or regulated access?
Three of our Open Banking APIs are available to everyone, without registration. Our open access APIs are:

- BCA Products

- PCA Products

- FCA Metrics

You need to register in order to work with regulated APIs, and we explain how you do this in Step 3. Once you are registered and depending on your permissions, you’ll be able to access:
• Accounts and Transactions
• Payment Initiation
• Confirmation of Funds (available only in Sandbox until September 2019)
Find a list of our API products and descriptions on our Sandbox and Developers Portals.

2) Are you registered with the Open Banking directory?
To access our regulated Open Banking APIs, you need to be registered with the Open Banking directory.
Once registered, you’ll be able to use our regulated Open Banking APIs and those provided by any Open Banking compliant bank. However, there are two types of registration: Sandbox and Production.

3) Explore and Select your Open Banking API

The Account Information and Payment Initiation APIs are featured on the "Home" page.

1. Click the "Explore" button to get the interface specifications.
2. Click the "Log In" button to subscribe and access the APIs.

4) Sign Up to Open Banking

After clicking on the "Log In" button, you will be redirected to the Open Banking website, where you will need to follow the Open Banking sign on process.

Once the log in process within Open Banking is complete, you will be redirected to the Cater Allen Developer Portal where you can register an application and subscribe to the APIs.

5) Register your Application

Follow the steps shown below to upload a Software Statement Assertion (SSA) and register your application:

1. Go to the "Applications" page in the menu.
2. The application section will open and you will need to click on the "Add application" button
3. In the new window you will need to enter:

1. Your SSA certificate. This will be validated against OBIE. You can decode the successfully validated SSA.
2. The name of your application and all the necessary details in the page will be automatically filled in.
3. Manually select "Per Token Quota" and type a description.

1. Click "Add" button.

6) Subscribe to an API plan

Go to the "APIs" menu option, where you can see the all the API versions we support. Select the relevant API to access the technical details and the subscription plan.

1. Select your application and tiers and click on the "Subscribe" button.
2. Click on the "Subscribe" button - all the Applications previously registered will be displayed
3. A message of confirmation is displayed when the subscription is complete.

Sandbox: https://sandbox.caterallen.co.uk/.well-known/openid-configuration

Account Initiation Service and Payment Initiation Service

Your first step will be to choose the API(s) you want to test.
Below are some key points you will need to know before getting started:
• Cater Allen’s Sandbox well-known URL - https://sandbox.caterallen.co.uk/.well-known/openid-configuration

• Cater Allen’s Sandbox doesn’t include a full consent journey
  
  

1. Get Token using Client Credential Grant
   This is the TLS-MA handshake between yourself and Cater Allen. This step generates the access token known as the "client credential grant" which is valid for ONLY 5 minutes.
   Before you start you’ll need to have valid network and signing certificates issued by Open Banking. OB Directory will provide and host the necessary certificates containing the corresponding public keys so that the signature may be verified.
2. Post Account/Payment Request
   For the next step, you will need the Account Request ID(s) for the scenario you would like to test.
   Once you have input the Account ID to the URL, you can make the call. As a response, you will receive a summary of all the permissions given relating to the specific account request ID.
3. Create Request Object
   You must then generate the request token (jwt or JSON web token) that will be used as part of the next ‘Authorise Request’ call.
   Please refer to OBIE security specification for details on how to generate the Request Object. This request token contains the Resource ID, encrypted based on the security policy defined by Cater Allen and the Open Banking Implementation Entity (OBIE).
4. Invoke Authorise Request
   In the Sandbox we don’t have the UJs to give the authorized request. We mocked the data using user access token API with scope as accounts, grant_type as password , user name as “testuser@wso2.com” and password as “wso2123”.

This user access token will give you an authorization token which will grant you access to the APIs.