Implementation Guide: Cater Allen Limited

This page has been created and maintained by the relevant ASPSP, and OBIE takes no liability for the completeness nor accuracy of this data.

Note to ASPSP: Please indicate which brands this applies to and/or duplicate this page per brand if relevant.

ASPSPCater Allen Limited
BrandCater Allen Private Bank
Developer portal (s)


Production: presently in Model Office Testing in PROD. Due to be completed by end of July to August 2019


Delivery date

Change to Production:

Delivery date


Supports dynamic client registration (Y/N)N
Instructions for manual onboarding

1) Open access or regulated access?
Three of our Open Banking APIs are available to everyone, without registration. Our open access APIs are:

- BCA Products

- PCA Products

- FCA Metrics

You need to register in order to work with regulated APIs, and we explain how you do this in Step 3. Once you are registered and depending on your permissions, you’ll be able to access:
• Accounts and Transactions
• Payment Initiation
• Confirmation of Funds (available only in Sandbox until September 2019)
Find a list of our API products and descriptions on our Sandbox and Developers Portals.

2) Are you registered with the Open Banking directory?
To access our regulated Open Banking APIs, you need to be registered with the Open Banking directory.
Once registered, you’ll be able to use our regulated Open Banking APIs and those provided by any Open Banking compliant bank. However, there are two types of registration: Sandbox and Production.



3) Explore and Select your Open Banking API

The Account Information and Payment Initiation APIs are featured on the "Home" page.

  1. Click the "Explore" button to get the interface specifications.
  2. Click the "Log In" button to subscribe and access the APIs.

4) Sign Up to Open Banking

After clicking on the "Log In" button, you will be redirected to the Open Banking website, where you will need to follow the Open Banking sign on process.

Once the log in process within Open Banking is complete, you will be redirected to the Cater Allen Developer Portal where you can register an application and subscribe to the APIs.

5) Register your Application

Follow the steps shown below to upload a Software Statement Assertion (SSA) and register your application:

  1. Go to the "Applications" page in the menu.
  2. The application section will open and you will need to click on the "Add application" button
  3. In the new window you will need to enter:
      1. Your SSA certificate. This will be validated against OBIE. You can decode the successfully validated SSA.
      2. The name of your application and all the necessary details in the page will be automatically filled in.
      3. Manually select "Per Token Quota" and type a description.
  1. Click "Add" button.

6) Subscribe to an API plan

Go to the "APIs" menu option, where you can see the all the API versions we support. Select the relevant API to access the technical details and the subscription plan.

  1. Select your application and tiers and click on the "Subscribe" button.
  2. Click on the "Subscribe" button - all the Applications previously registered will be displayed
  3. A message of confirmation is displayed when the subscription is complete.
OIDC .well-known endpoint


Notes on testing

Account Initiation Service and Payment Initiation Service

Your first step will be to choose the API(s) you want to test.
Below are some key points you will need to know before getting started:
• Cater Allen’s Sandbox well-known URL -

  • Cater Allen’s Sandbox doesn’t include a full consent journey

  1. Get Token using Client Credential Grant
    This is the TLS-MA handshake between yourself and Cater Allen. This step generates the access token known as the "client credential grant" which is valid for ONLY 5 minutes.
    Before you start you’ll need to have valid network and signing certificates issued by Open Banking. OB Directory will provide and host the necessary certificates containing the corresponding public keys so that the signature may be verified.
  2. Post Account/Payment Request
    For the next step, you will need the Account Request ID(s) for the scenario you would like to test.
    Once you have input the Account ID to the URL, you can make the call. As a response, you will receive a summary of all the permissions given relating to the specific account request ID.
  3. Create Request Object
    You must then generate the request token (jwt or JSON web token) that will be used as part of the next ‘Authorise Request’ call.
    Please refer to OBIE security specification for details on how to generate the Request Object. This request token contains the Resource ID, encrypted based on the security policy defined by Cater Allen and the Open Banking Implementation Entity (OBIE).
  4. Invoke Authorise Request
    In the Sandbox we don’t have the UJs to give the authorized request. We mocked the data using user access token API with scope as accounts, grant_type as password , user name as “” and password as “wso2123”.

This user access token will give you an authorization token which will grant you access to the APIs.

Other on-boarding notes

Documentation URL

Account Information API

Note to ASPSP: Please add a column per brand if relevant

Swagger version3.1.0
Base URI 

General variances to specification No variances to specification
Non-functional limitations
RefAreaFieldAvailable (Y/N)Exception/Notes (inc details on classification codes, field limits, and field formats)

The full list of Account Information API and their details are available on:

Payment Initiation API

Swagger version3.1.0
Base URI
General variances to specificationNo variances to specification
Non-functional limitations
RefAreaFieldAvailable (Y/N)Exception/Notes (inc details on classification codes, field limits, and field formats)

The full list of Payment Initiation API and their details are available on:

Open Data API

Swagger version1.0
Base URI
General variances to specification No variances to specification
Non-functional limitations
RefAreaFieldAvailable (Y/N)Exception/Notes (inc details on classification codes, field limits, and field formats)

The details of the Open Data API are available on: