Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

This page has been created and maintained by the relevant ASPSP, and OBIE takes no liability for the completeness nor accuracy of this data.

Note to ASPSP: Please indicate which brands this applies to and/or duplicate this page per brand if relevant.


ASPSPCapital One (Europe)
BrandCapital One
Date
Developer portal (s)https://developer.capitalone.co.uk/apis

Announcements:

Improvement

Delivery date



Change to Production:

Improvement

Delivery date

Summary: We will refresh the expiry of Refresh tokens so long as Access Tokens are refreshed within a 90-day period.

Solution

  • Capital One UK already issues refresh tokens alongside access tokens, in response to requests from TPPs.
  • Going forward, whenever a TPP makes a request to us using an access token and refresh token that we have issued them, we’ll issue brand new refresh tokens with each response to a TPP.
  • The new refresh tokens will be issued with a validity period of 90 days from the date of issue. Once a new token is issued, the previously issued token will be invalidated.
  • During this 90 day validity period, the TPP can then get another refresh token for another 90 days - and so on.
  • This allows perpetual access, so long as the TPP fetches a new refresh token within the 90 day window.

TPP Changes

  • As a TPP integrating with Capital One UK, you should ensure that you are always capturing and storing the refresh_token from each request, rather than only capturing the initial refresh_token on a first time request for a given customer. This is in line with the Oauth standard recommendation. Only the most recent refresh token will ever be valid.
  • You should also ensure that you have fallback mechanisms in place to ensure that you fetch a new refresh token within the 90 day validity period, for as long as the customer has granted you consent.

 



On-boarding

Supports dynamic client registration (Y/N)Y
Instructions for manual onboardingN/A
OIDC .well-known endpoint

https://integrations.capitalone.co.uk/.well-known/openid-configuration

Notes on testingTPPs must be registered with the Open Banking Directory
Other on-boarding notes
  • There is currently no support for Client Management
  • SSA must be issued by Open Banking
  • redirect_uris MUST match or be a subset of the software_redirect_uris claim in the SSA
  • See well-known endpoint for supported configurations
  • When onboarding if any challenges arise please contact ukdevelopersupport@capitalone.com

  • private_key_jwt must be specified as the the token_endpoint_auth_method
Documentation URL


https://developer.capitalone.co.uk/api/open-banking/index.html

Account Information API

Note to ASPSP: Please add a column per brand if relevant

Swagger versionv3
Base URI
https://open-banking.capitalone.co.uk/open-banking/v3.1/aisp
General variances to specification 

Time format - our interface supports the following data time format 2011-12-03T10:15:30

Non-functional limitations

Pagination is not supported

API Call Limits - Our interface implements rate-limiting on TPP data requests where the Customer is not present (as indicated by x-fapi-customer-ip-address header) where reached a 429 response will be returned.

RefAreaEndpointsNotes

Account Access Consents

POST /account-access-consents

GET /account-access-consents/{consentId}

DELETE /account-access-consents/{consentId}


Supported Permissions:

Note: These align with the data endpoints supported by our API implementation, other permissions other than list will be rejected.

    • ReadAccountsBasic
    • ReadAccountsDetail
    • ReadBalances
    • ReadTransactionsBasic
    • ReadTransactionsDetail
    • ReadTransactionsCredits
    • ReadTransactionsDebits

Accounts

GET /accounts

GET /accounts/{accountId}

The following fields will be included in the response where appropriate

Data.Account.AccountId
Data.Account.Currency
Data.Account.AccountType
Data.Account.AccountSubType
Data.Account.Description
Data.Account.Account
Data.Account.Account.SchemeName        // always UK.OBIE.PAN
Data.Account.Account.Identification           // last four of masked PAN
Data.Account.Account.Name

We do not support any optional fields


Balances

GET /balances

GET /balances/{accountId}

The following fields will be included in the response where appropriate

Data.Balance.AccountId
Data.Balance.CreditDebitIndicator
Data.Balance.Type                    // only support OpeningBooked
Data.Balance.DateTime
Data.Balance.Amount
Data.Balance.Amount.Amount
Data.Balance.Amount.Currency
Data.Balance.CreditLine
Data.Balance.CreditLine.Types

We do not support any optional fields


Transactions

GET /transactions

GET /transactions/{accountId}

The following fields will be included in the response where appropriate

Data.Transaction.AccountId
Data.Transaction.TransactionReference
Data.Transaction.CreditDebitIndicator
Data.Transaction.Status
Data.Transaction.BookingDateTime
Data.Transaction.ValueDateTime
Data.Transaction.TransactionInformation
Data.Transaction.AddressLine
Data.Transaction.Amount
Data.Transaction.Amount.Amount
Data.Transaction.Amount.Currency
Data.Transaction.MerchantDetails
Data.Transaction.MerchantDetails.MerchantName

We do not support any optional fields

  • No labels