Versions Compared

Version Old Version 28 New Version Current
Changes made by

Gurdeep Singh (Unlicensed)

Puratchi Vanaja

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Announcements


Improvement
Delivery date

Production API available for integration. For more information on how to integrate with our API or to access test accounts please contact openbankingsupport@vanquisbank.co.uk

 
eIDAS certificates are now supported in our Test facility 
eIDAS certificates are now supported in Production 
Implemented Payment Initiation APIs v3.1.7 are now Implemented  
Implemented Account Information Service APIs v3.1.8

Implemented SCA-RTC v3.1.10


Change to Production:


Improvement
Delivery date

Production API available for integration. For more information on how to integrate with our API or to access test accounts please contact openbankingsupport@vanquisbank.co.uk

 New internally-hosted test facility available which provides closer alignment to production interface 

please contact openbankingsupport@vanquisbank.co.uk

 
New internally-hosted test facility available which provides closer alignment to production interface 
Allowed AISP to send expiration date in the account access consent call. 
  • As part of v3.1.10 Implementation, Vanquis will introduced a long lived refresh token of 60 years.
  • Consent will not be expire and if the consent is revoked then need to create new consent.
  • AISP/CBPII/PISP consents created after implementation of v3.1.10 will no longer require re-authentication every 90 days. The new rules in place will ask for customer reconfirmation with the TPP not ASPSP.
  • Consents issued and authorised before v3.1.10 implementation will remain valid for 90 days.
  • There are no changes to Vanquis current implementation of Access Tokens. Third parties should continue to pass OAuth credentials in a Get Access Token call.  In response, the Vanquis authorisation server issues an access token, reuse the access token until it expires. When it expires, you can get a new token.


Info
titleProduction and Test facility Full interface Specifications

General guidance notes:

  • For guidance on detailed documentation of the Read/Write Data API specifications please visit the appropriate section on the Open Banking Developer Zone
  • We are currently supporting version 3.1.10 for AISP & , CBPII and version 3.1.7 for PISP specifications of the Open Banking Standard
  • App-to-app redirection is only supported in Production not in the test facility.
  • This is reflective of the current state of Vanquis' payment service operations.
  • For all related implementation support please contact openbankingsupport@vanquisbank.co.uk
  • Dynamic Client Registration is enabled and is mandatory
  • Supported endpoint token methods: private_key_jwt
  • Supported grant types: client_credentials & authorisation_code
  • Display of data IDs (e.g. transactionid & statementid) in REST responses is enabled
  • The Open API test facility should not be used for load testing

...

Supports dynamic client registration (Y/N)Yes
Instructions for manual onboardingManual on-boarding is not supported.
OIDC .well-known endpoint

Production: https://auth.openbanking.vanquis.co.uk/.well-known/openid-configuration

Test facility: https://sandbox.auth.openbanking.vanquis.co.uk/.well-known/openid-configuration

Notes on testing

Test accounts available via openbankingsupport@vanquisbank.co.uk

Other on-boarding notes

TPP's can on-board with us either directly using eIDAS certificates or using Open Banking UK Eco-system. Please follow the details below:

On-boarding via Open Banking U.K. Eco-system

  1. Register/Enroll with Open Banking
  2. Submit Software Statement Assertion to Client Registration endpoint:
    1. Productionhttps://mtls.auth.openbanking.vanquis.co.uk/connect/register
    2. Test facilityhttps://sandbox.mtls.auth.openbanking.vanquis.co.uk/connect/register
  3. Follow the instructions on https://www.vanquis.co.uk/developer-portal for help to get started.  

On-boarding Directly using eIDAS certificates

Please follow the detailed guide below

 

View file
nameDCR with Vanquis bank using eIDAS v1.3.pdf
height150

Documentation URL


998769404Implementation Guide: Vanquis Bank



Tips/Notes for TPP's

Tip

Based on the recent TPP queries the following section should help third parties to connect with Vanquis Bank Open banking system.

  • For client registration we only support PS256 algorithm and NOT RS256.
  • The "aud" value varies depending on the call during the dynamic client registration and Consent flows as given in the table below.
Step

Purpose

HTTP Type

Request Url

Request Body Format

Aud value in the request Body

Expected Response

Reference Documentation or Specification

Register Client

On boarding journey for Dynamic Client Registration i.e. Register a TPP Client with Vanquis Bank

Post

Production: https://mtls.auth.openbanking.vanquis.co.uk/connect/register

Test facility: https://sandbox.mtls.auth.openbanking.vanquis.co.uk/connect/register

application/jwt

0015800001ZEc2PAAT (For NON eIDAS Registrations)

PSDGB-FCA-221156  (For eIDAS Registrations)

As per Open banking specification of security profile V3.1

https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937066600/Dynamic+Client+Registration+-+v3.1

Get Access Token

Access token for

  1. Creating Consents
  2. Exchange authorization code for Data Access Token

Post

Production: https://mtls.auth.openbanking.vanquis.co.uk/connect/token

Test facility: https://sandbox.mtls.auth.openbanking.vanquis.co.uk/connect/token

X-www-form-urlencoded

Production: https://mtls.auth.openbanking.vanquis.co.uk/connect/token

Test facility: https://sandbox.mtls.auth.openbanking.vanquis.co.uk/connect/token

JWT

https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

and

https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests

Get PSU Consent

Request to redirect to Login and Consent Page in order to gain PSU consents

Get

Productionhttps://auth.openbanking.vanquis.co.uk/connect/authorize

Test facilityhttps://sandbox.auth.openbanking.vanquis.co.uk/connect/authorize

Url/Query String

Production:  https://auth.openbanking.vanquis.co.uk

Test facility:  https://sandbox.auth.openbanking.vanquis.co.uk

Authorization Code

https://openid.net/specs/openid-connect-core-1_0.html#HybridAuthorizationEndpoint

  • "ReadAccountsBasic" is a Mandatory permission to access the accounts data even when the "ReadAccountsDetail" permission is requested.
  • "ReadTransactionsBasic" is a Mandatory permission to access the transaction data even when the "ReadTransactionsDetail" permission is requested.
  • "ReadStatementsBasic" is a Mandatory permission to access the statement data even when the "ReadStatementsDetail" permission is requested.
  • "ReadProducts" permission is NOT supported. API calls will fail if this is included in the request.
  • Transaction date range CAN NOT be in the future to access the transactions data. We only expose the last 6 months worth of transactions data.
  • Clients requesting data via MTLS end points for Sandbox (i.e. Test facility) environment should pass Client Certificates issued by Open banking Pre-production Issuer and CA.
  • Clients requesting data via MTLS end points for Production environment should pass Client Certificates issued by Open banking Production Issuer and CA.

Please note that we are continuously improving API's based on feedback, For feedback or further information please contact openbankingsupport@vanquisbank.co.uk

...

Swagger version

We currently support version 3.1

See JSON version: https://raw.githubusercontent.com/OpenBankingUK/read-write-api-specs/v3.1.0/dist/account-info-swagger.json

See YAML version: https://raw.githubusercontent.com/OpenBankingUK/read-write-api-specs/v3.1.0/dist/account-info-swagger.yaml

Base URI

Production: https://mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1/aisp/

Test facility: https://sandbox.mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1/aisp/

General variances to specification Please see above "Tips/Notes for TPP's" section
Non-functional limitations
  • Live environment hence unsuitable for load testing
  • Transaction History - We support 6 months transaction history
  • Pagination - We do not support pagination
  • Re-authentication/Authorization - Access token lifetime is 10 minutes
  • Refresh tokens are supported, lifetime is 90 days60years


The following endpoints are implemented and will return data where applicable

...

Ref ResourceEndpointsNotes 
1Products
  • GET /accounts/{AccountId}/product
  • GET /products

2Party
  • GET /accounts/{AccountId}/party
  • GET /party

3

Beneficiaries

  • GET /accounts/{AccountId}/beneficiaries
  • GET /beneficiaries

4Direct Debits
  • GET /accounts/{AccountId}/direct-debits
  • GET /direct-debits

5Standing-orders
  • GET /accounts/{AccountId}/standing-orders
  • GET /standing-orders

6Scheduled payments
  • GET /accounts/{AccountId}/scheduled-payments
  • GET /scheduled-payments

7Statements
  • GET /accounts/{AccountId}/statements/{StatementId}/file
  • All other statements endpoints are implemented, only statement/file is not implemented.

...

Swagger version

We currently support v.3.1

See JSON version: https://raw.githubusercontent.com/OpenBankingUK/read-write-api-specs/v3.1.0/dist/confirmation-funds-swagger.json

See YAML version: https://raw.githubusercontent.com/OpenBankingUK/read-write-api-specs/v3.1.0/dist/confirmation-funds-swagger.yaml

Base URI

Production: https://mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1/cbpii/

Test facility: https://sandbox.mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1/cbpii/ 

General variances to specification None
Non-functional limitations
  • Environment not suitable for load testing


The following endpoints are implemented and will return data where applicable

...

Swagger version

We currently support v.3.1.7

See JSON version: TBA

See YAML version: TBA

Base URI

Production: https://mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1.7/pisp/domestic-payments/

Test facility: https://sandbox.mtls.data.openbanking.vanquis.co.uk/open-banking/v3.1.7/pisp/domestic-payments/

General variances to specification None
Non-functional limitations
  • Environment not suitable for load testing

The following endpoints are implemented and will return data where applicable

...