This specification defines the APIs for a TPP to submit a Software Statement Assertion to an ASPSP for the purpose of creating OAuth clients that are registered with ASPSP.
Service Desk
https://www.openbanking.org.uk/terms
production
https://secure-api.lloydsbank.com/prod01/lbg
production
https://secure-api-eidas.halifax.co.uk/prod01/lbg
production
https://secure-api-eidas.bankofscotland.co.uk/prod01/lbg
production
https://secure-api.mbna.co.uk/prod01/lbg
production
https://secure-api.halifax.co.uk/prod01/lbg
production
https://secure-api.bankofscotland.co.uk/prod01/lbg
production
https://secure-api-eidas.mbna.co.uk/prod01/lbg
production
https://secure-api-eidas.lloydsbank.com/prod01/lbg
Paths
/register
post /register
Client Registration
Conditional
Register a client by way of a Software Statement Assertion
Endpoint will be secured by way of Mutual Authentication over TLS
requestBody
Optional in body
string / OBClientRegistration1
A request to register a Software Statement Assertion with an ASPSP
{
"schema": {
"type": "string",
"format": "OBClientRegistration1"
}
}Content-Type
Optional in header
string
application/jose
Accept
Optional in header
string
application/json
201
Attribute description not found
400
Attribute description not found
403
Attribute description not found
500
Attribute description not found
Example Request
Example Response
POST https://secure-api.lloydsbank.com/prod01/lbg/dcr-api/v1.0/register
Try this operation
/register/{ClientId}
put /register/{ClientId}
TPPOAuth2Security
TPPOAuth2Security
(oauth2 application)
TPP client credential authorisation flow with the ASPSP
Token URL
https://secure-api.lloydsbank.com/prod01/lbg/lyds/oidc-api/v1.1/token/lbg/lyds/oidc-api/v1.1/token
Scopes
openid
TPP Client Credential Scope for amendment of app
requestBody
Optional in body
string / OBClientRegistration1
A request to register a Software Statement Assertion with an ASPSP
{
"schema": {
"type": "string",
"format": "OBClientRegistration1"
}
}ClientId
Required in path
string
The client ID
Authorization
Required in header
string
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
Content-Type
Optional in header
string
application/jose
Accept
Optional in header
string
application/json
200
Attribute description not found
400
Attribute description not found
403
Attribute description not found
500
Attribute description not found
Example Request
Example Response
PUT https://secure-api.lloydsbank.com/prod01/lbg/dcr-api/v1.0/register/{ClientId}
Try this operation
get /register/{ClientId}
TPPOAuth2Security
TPPOAuth2Security
(oauth2 application)
TPP client credential authorisation flow with the ASPSP
Token URL
https://secure-api.lloydsbank.com/prod01/lbg/lyds/oidc-api/v1.1/token/lbg/lyds/oidc-api/v1.1/token
Scopes
openid
TPP Client Credential Scope for amendment of app
ClientId
Required in path
string
The client ID
Authorization
Required in header
string
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
Accept
Optional in header
string
application/json
200
Attribute description not found
400
Attribute description not found
403
Attribute description not found
500
Attribute description not found
Example Request
Example Response
GET https://secure-api.lloydsbank.com/prod01/lbg/dcr-api/v1.0/register/{ClientId}
Try this operation
delete /register/{ClientId}
Client Registration
Optional
Delete a client by way of Client ID
TPPOAuth2Security
TPPOAuth2Security
(oauth2 application)
TPP client credential authorisation flow with the ASPSP
Token URL
https://secure-api.lloydsbank.com/prod01/lbg/lyds/oidc-api/v1.1/token/lbg/lyds/oidc-api/v1.1/token
Scopes
openid
TPP Client Credential Scope for amendment of app
ClientId
Required in path
string
The client ID
Authorization
Required in header
string
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
Accept
Optional in header
string
application/json
204
Client deleted
401
Attribute description not found
403
Attribute description not found
405
Attribute description not found
Example Request
Example Response
DELETE https://secure-api.lloydsbank.com/prod01/lbg/dcr-api/v1.0/register/{ClientId}
Try this operation
Definitions
{
"type": "string",
"enum": [
"RS256",
"PS256",
"RS384",
"RS512"
]
}
{
"type": "object",
"required": [
"redirect_uris",
"token_endpoint_auth_method",
"grant_types",
"scope",
"software_statement",
"application_type",
"id_token_signed_response_alg",
"request_object_signing_alg",
"tls_client_auth_subject_dn"
],
"properties": {
"client_id": {
"description": "OAuth 2.0 client identifier string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_secret": {
"description": "OAuth 2.0 client secret string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_id_issued_at": {
"description": "Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32",
"minimum": 0
},
"client_secret_expires_at": {
"description": "Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire",
"type": "integer",
"format": "int32",
"minimum": 0
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string",
"format": "uri",
"minLength": 1,
"maxLength": 256
}
},
"token_endpoint_auth_method": {
"type": "string",
"enum": [
"client_secret_basic",
"client_secret_post",
"tls_client_auth"
]
},
"grant_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"client_credentials",
"authorization_code"
]
},
"minItems": 1
},
"response_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"code",
"code id_token"
]
}
},
"software_id": {
"type": "string",
"minLength": 1,
"maxLength": 22,
"pattern": "^[0-9a-zA-Z]{1,22}$"
},
"scope": {
"type": "string",
"minLength": 1,
"maxLength": 256
},
"software_statement": {
"type": "string",
"format": "JWT"
},
"application_type": {
"type": "string",
"enum": [
"web",
"mobile"
]
},
"id_token_signed_response_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"request_object_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"tls_client_auth_subject_dn": {
"type": "string",
"minLength": 1,
"maxLength": 128
}
}
}
{
"allOf": [
{
"type": "object",
"required": [
"iss",
"iat",
"exp",
"aud",
"jti"
],
"properties": {
"iss": {
"description": "Unique identifier for the TPP. Implemented as Base62 encoded GUID",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,22}$",
"minLength": 1,
"maxLength": 22
},
"iat": {
"description": "The time at which the request was issued by the TPP expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"exp": {
"description": "The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"aud": {
"description": "The audience for the request. This should be the unique identifier\nfor the ASPSP issued by the issuer of the software statement.\nImplemented as Base62 encoded GUID\n",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,18}$",
"minLength": 1,
"maxLength": 18
},
"jti": {
"description": "Unique identifier for the JWT implemented as UUID v4",
"type": "string",
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$",
"minLength": 36,
"maxLength": 36
}
}
},
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
}
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "string",
"enum": [
"invalid_redirect_uri",
"invalid_client_metadata",
"invalid_software_statement",
"unapproved_software_statement"
]
},
"error_description": {
"type": "string",
"minLength": 1,
"maxLength": 500
}
}
}
The status code.
{
"type": "integer"
}
Further details describing the error.
{
"type": "string"
}
The error code.
{
"type": "string",
"enum": [
"BOILERPLATE_API_ERR_001"
]
}
{
"title": "Internal server error",
"type": "object",
"properties": {
"statusCode": {
"$ref": "#/definitions/statusCode"
},
"message": {
"$ref": "#/definitions/message"
},
"code": {
"$ref": "#/definitions/500code"
}
},
"required": [
"statusCode",
"message",
"code"
]
}