This page has been created and maintained by the relevant ASPSP, and OBIE takes no liability for the completeness nor accuracy of this data.

Note to ASPSP: Please indicate which brands this applies to and/or duplicate this page per brand if relevant.

ASPSP	Royal Bank of Scotland Group
Brand	Ulster Bank Ltd
Date	11 Oct 2018
Developer portal (s)	https://www.bankofapis.com/

On-boarding

Supports dynamic client registration (Y/N)	Y
Instructions for manual onboarding	Ulster Bank plc does not support manual registration. Only dynamic registration is supported.
OIDC .well-known endpoint	https://secure1.ulsterbank.co.uk /.well-known/openid-configuration
Notes on testing	Follow the instructions on the ‘Sandbox’ page in our developer portal to get started. For all other testing related support, raise a testing related request using the ‘Raise Ticket’ button on our developer portal ‘Help & Support’ page.
Other on-boarding notes	None
Documentation URL	https://www.bankofapis.com/products/accounts/documentation/nwb/3.1.0

Account Information API

Note to ASPSP: Please add a column per brand if relevant

Swagger version	1.1
Base URI	/
General variances to specification	Bulk endpoints not implemented
Non-functional limitations	Global rate limiting of 16 TPS (total across all API types) , Individual TPP rate limiting of 12 TPS

Ref	Area	Field	Available (Y/N)	Exception/Notes (inc details on classification codes, field limits, and field formats)
		Tbd – see swagger spec

Payment Initiation API

Swagger version	1.1
Base URI	/
General variances to specification	Bulk endpoints not implemented
Non-functional limitations	Global rate limiting of 16 TPS (total across all API types) , Individual TPP rate limiting of 12 TPS

Ref	Area	Field	Available (Y/N)	Exception/Notes (inc details on classification codes, field limits, and field formats)
		Tbd – see swagger spec

App 2 App Information

Prerequisites for testing

TPPs must have :
• An existing production integration with the Brand that the TPPs wish to test App2App against
• Bank Accounts for the Brand they wish to test – must have credentials for e-Banking/Online Banking/Personal customer (Bankline customers currently not supported)
• Bank’s Mobile App can be downloaded from iOS and Android app stores

Integration

There are new Authorization Servers (AS’s) for App2App; these will be added to the OBIE Directory post testing period
Each Authorization Server hosts a .well-known endpoint (the only difference though is the AS’s URL “authorization_endpoint”)
Ulster Bank NI (UBN) Mobile Banking :
• Authorization Server : https://personal.secure1.ulsterbank.co.uk/as/authorization.oauth2
• Well-Known Endpoint : https://personal.secure1.ulsterbank.co.uk/.well-known/openid-configuration

N.B. “Please note that only values in the OIDC request object will be processed and responded to. Any additional values or checks will be ignored. RBS will update this page once this is resolved for PKCE checks.”

Open Data API

Swagger version	1.1
Base URI	/
General variances to specification	None
Non-functional limitations	None

Ref	Area	Field	Available (Y/N)	Exception/Notes (inc details on classification codes, field limits, and field formats)
		Tbd – see swagger spec

Customer Experience

RBS (Ulster Bank Ltd.) implementation of Redirection Journey Improvement as agreed with OB Trustee

Item	Actions for RBS	Due date
1	Display of data clusters in tile format and alignment of terminology to OBIE’s Customer Experience Guidelines	Completed 14 December 2018
2	Refine the position on the screen that user accounts appear when selecting accounts to be shared with an AISP	Completed 14 December 2018
3	Other direct enhancements resulting from the CEG: AISP Clearer display of when consent expires Two step consent – additional step removed which used to show details of what data is being shared automatically; now users can choose to click ‘What am I sharing?’ Implementation of quick links e.g. select all accounts Explanation of which accounts are and are not available for selection up front rather than as a link Sticky footer once account is selected which also shows total number of accounts being shared PISP Two step consent journey – select account and review steps merged into one screen Payment information shown to reflect research findings on what information PSU’s use to identify their preferred payment account Fully responsive solution for consistent experience regardless of device	Completed 14 December 2018
4	Refinement to the wording regarding the purpose of connecting to Online Banking on each authentication screen and highlighting that credentials will not be shared with TPPs	Due 25 February 2019
5	Display of data at ASPSP as a PSU selected option to avoid replaying consent – user has option to click ‘What am I sharing?’ link on each screen post-authentication	Completed 14 December 2018

Implementation Guide: Ulster Bank Ltd