SUPPORT

Guide to using Lloyds Banking Group APIs

In this Article

INTRODUCTION

BACKGROUND

There is currently no standardised way for ASPSPs to communicate the differences in ASPSP implementations.

This covers both:

  • Differences in on-boarding and directory interactions
  • Differences in capability delivered for the Read/Write APIs

The above can generate challenges to TPPs as they will not know:

  • What processes to follow in order to onboard with each ASPSP
  • Which API endpoints they can call
  • What data elements they can receive from different ASPSPs, and for unstructured data - what format they receive it

Furthermore, TPPs have different sets of requirements for the Read/Write APIs. This is because of their business models, applications and service offerings. Therefore TPPs need the ability to identify which ASPSP implementations are suitable match to their offerings. This will ensure they can offer a good end user experience.

PURPOSE OF THIS DOCUMENT

This Implementation Variations Guide outlines the variations in Lloyds Banking Group’s Open Banking API endpoint and API response implementation. Information contained within this document aims to make the development of applications by TPPs using Read/Write APIs faster and easier.

END-TO-END API JOUNEY

This section explains how to on-board onto the Lloyds Banking Group Developer Portal and how to complete an end-to-end API journey. In this instance the example used is an Account Information API journey.

Logging on to the Develop Portal

Log into the Developer Portal by clicking the 'Log in with Open banking' button on the top right of the portal. You will need to have logon credentials for a company listed on the Open Banking Production Directory. When you log in, your user is placed into a new Developer Organization corresponding to your company (or it will add you to the organization if it already exists).

ON-BOARD USING DYNAMIC CLIENT REGISTRATION

Follow the On-Board Using Dynamic Client Registration for onboarding instructions using DCR.

OTHER USEFUL INFORMATION

  1. Access our consent domains from browser :

    https://authorise.lloydsbank.co.uk/ib/pb/cwa/404
    https://authorise.halifax-online.co.uk/ib/pb/cwa/404
    https://authorise.bankofscotland.co.uk/ib/pb/cwa/404
    https://authorise.mbna.co.uk/ib/pb/cwa/404

  2. Our APIs themselves all sit behind the following domains – these are over MA-TLS – so we would like you to try presenting your OB-signed client cert against these to validate the SSL handshake is working as expected (e.g. by using an appropriate openSSL command, in chrome etc.).

    https://secure-api.lloydsbank.com
    https://secure-api.halifax.co.uk
    https://secure-api.bankofscotland.co.uk
    https://secure-api.mbna.co.uk

  3. Our APIs themselves all sit behind the following domains – these are over MA-TLS – so you will be required to present your eIDAS QWAC client cert against these to validate the SSL handshake is working as expected (e.g. by using an appropriate openSSL command, in chrome etc.).

    https://secure-api-eidas.lloydsbank.com/
    https://secure-api-eidas.halifax.co.uk/
    https://secure-api-eidas.bankofscotland.co.uk/
    https://secure-api-eidas.mbna.co.uk/

    The list of supported QTSPs is available in the OBIE Transparency Calendar –

    https://openbanking.atlassian.net/wiki/spaces/AD/pages/1130594843/Lloyds+Bank+PLC

  4. Discovery Endpoints (OBIE) – TLS Client Auth

    Brand Discovery Endpoint (OBIE)
    Lloyds
    Halifax
    BOS
    MBNA
     

  5. Discovery Endpoints (eIDAS) - TLS Client Auth

    Brand Discovery Endpoint (eIDAS)
    Lloyds
    Halifax
    BOS
    MBNA
     

    "token_endpoint_auth_methods_supported":["tls_client_auth"]

  6. We support Refresh Tokens for fundsconfirmations, accounts, payments (only VRP) scopes.

  7. Lloyds Banking Group’s Public Keys are available at the Keystore set up by Open Banking Ltd.

  8. All APIs are secured with TLS Mutual Authentication where Certs are signed by Open Banking CA.We do not support JWS client assertion. (private_key_jwt), instead we support Mutual-TLS Client Authentication (tls_client_auth).

  9. Nonce String Limit: When submitting an AISP or PISP request, the maximum length a nonce string can be is 100 characters. Beyond this, the consent will not be activated.As part of our implementation we support registration of an application with multiple Oauth redirect URLs. TPPs can register multiple redirect URLs when creating an application on the Developer Portal.

  10. For digital signatures we will support PS256 from 13th March 2019, please see Discovery Endpoints for more information. The digital signatures generated by LBG will only use PS256.

TESTING THE ACCOUNT INFORMATION APIS

  1. Set up Client Credentials Token

    In this step you (the AISP) obtain an Access Token using a Client Credentials Grant Type. When an Access Token expires, you will need to re-request for another Access Token.

    For Authentication method - tls_client_auth:

    curl -k -X POST \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --cacert ./ca-cert.pem \

    --url {secure-domain}/ prod01/lbg/lyds/mtls-token-api/v1.1/token\

    --header 'accept: application/json' \

    --header 'cache-control: no-cache' \

    --header 'content-type: application/x-www-form-urlencoded' \

    --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da& scope=accounts'

    URL

    Parameter Example Value Description
    secure-domain

    OBWAC:

    https://secure-api.lloydsbank.com

    OBWAC or QWAC:

    https://secure-api-eidas.lloydsbank.com/

    Please refer to the Other Useful Information section for all brand specific domains
     

    Certs

    Parameter Example Value Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.
     

    Data

    Parameter Example Value Description
    grant_type client_credentials The grant type being requested
    client_id c1d81a9a-609a-47be-9363- 8fa038b987da The Client ID of your application registered in the developer portal
    scope accounts The scope being requested
     

  2. Invoke the Account Request API

    Using the Access Token obtained in the step 1, invoke the Accounts API.

    curl -k -v --request POST \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --cacert ./root-ca.pem \

    --compressed \

    --url {secure-domain}/prod01/lbg/lyds/open-banking/v3.1/aisp/account-access-consents \

    --header 'authorization: Bearer AAIkMDM5NDJmZTUtOGNiMi00NzVmLWIwMTItNDgyZjM0ZTExYzI5ujAPRjg9HCsXYdEx15e-1h8ZdUQvTtI2Q3lkxQl3tv3n1zVlTnK0jbC1xzhnx6XRH7KBbLCr8qzYUBN0pGDSjdKGgYfFw5om5YF zRrq7j4I8_b6KSlgZ1F4Cs7SvpLLJmHSKL0tGPIA0VSsaAyHilg' \

    --header 'content-type: application/json; charset=UTF-8' \

    --header 'x-fapi-customer-ip-address: REPLACE_THIS_VALUE' \

    --header 'x-fapi-customer-last-logged-time: REPLACE_THIS_VALUE' \

    --header 'x-fapi-financial-id: REPLACE_THIS_VALUE' \

    --header 'x-fapi-interaction-id: REPLACE_THIS_VALUE' \

    --header 'x-jws-signature: REPLACE_THIS_VALUE' \

    --data '{"Data":{"Permissions":["ReadBeneficiariesBasic"],"ExpirationDateTime":"2018-08-28T15:39:19.515Z","TransactionFromDateTime":"2016-04-02T11:59:32.044Z","TransactionToDateTime":"2017-07-16T17:59:09.521Z"},"Risk":{}}'

    URL

    Parameter Example Value Description
    secure-domain

    Example Value:

    OB Transport, OBWAC:

    https://secure-api.lloydsbank.com/

    OBWAC, QWAC:

    https://secure-api-eidas.lloydsbank.com/

    Please refer to the Other Useful Information section for all brand specific domains
     

    Headers

    Parameter Example Value Description
    authorization

    Bearer
    AAIkMDM5NDJmZTUtOGNiMi00NzVmL WIwMTItNDgyZjM0ZTE........

    The access token obtained in step 1
     

    Certs

    Parameter Example Value Description
    CACert Combination of Root & Intermediate Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
     

    Body

    Parameter Example Value Description
    Data

    {"Data":{"Permissions":["ReadBeneficiarie sBasic"],"ExpirationDateTime":"2010-08- 28T15:39:19.515Z","TransactionFromDat eTime":"2016-04- 02T11:59:32.044Z","TransactionToDateTi me":"2017-07- 16T17:59:09.521Z"},"Risk":{}}

    The permissions being requested
     

    Please refer here for a full list of the allowed permissions.

    Take note of the AccountRequestID in the response data. This is required in the next step.

  3. Authorize Consent

    In this step, you create the authorization request (using a signed JWT request containing the AccountRequestId as a claim) for the customer to consent to the account request directly with the ASPSP. Hybrid Flow support is optional in the OB Security Profile.

    Using a web browser, invoke the URL below to emulate the customer giving consent (changing the values as required).

    Please note for App to App the same consent authorisation endpoints are used. Please refer to section 7 for a full list of Consent Authorisation URLs and Section 9 for an overview of App to App.

    https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/personal/oidc-api/v1.1/authorize?response_type=code%20id_token&client_id=c1d81a9a-609a-47be-9363- 8fa038b987da&state=123456&scope=openid%20accounts&redirect_uri=https://example.com/redir ect&nonce=4987594875485-j&request=eyJhbGciOiJSUzI1NiIsImtpZCI6Ikd4bElpd2lhblZxc0R1dXNoZ2pFME9UVXhPVGsifQ.ey Jpc3MiOiJodHRwczovL2FwaS5hbHBoYWJhbmsuY29tIiwiYXVkIjoiczZCaGRSa3F0MyIsInJlc3Bvb nNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY2xpZW50X2lkIjoiczZCaGRSa3F0MyIsInJlZGlyZWN0X3 VyaSI6Imh0dHBzOi8vYXBpLm15dHBwLmNvbS9jYiIsInNjb3BlIjoib3BlbmlkIHBheW1lbnRzIGFjY29 1bnRzIiwic3RhdGUiOiJhZjBpZmpzbGRraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwibWF4X2FnZSI6O DY0MDAsImNsYWltcyI6eyJ1c2VyaW5mbyI6eyJvcGVuYmFua2luZ19pbnRlbnRfaWQiOnsidmFsd WUiOiJ1cm46YWxwaGFiYW5rOmludGVudDo4ODM3OSIsImVzc2VudGlhbCI6dHJ1ZX19LCJpZF 90b2tlbiI6eyJvcGVuYmFua2luZ19pbnRlbnRfaWQiOnsidmFsdWUiOiJ1cm46YWxwaGFiYW5rOmlu dGVudDo4ODM3OSIsImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhb HVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYS JdfX19fQ.ehVeTgyYW7w9Gbbwp53h5J-yghKc_KV3XU8vSkioJEiTRHj4dUmvjlleLb7GcohKBI7wHULjQjRTam1Zds_WAtiH2bk86YNQalzf9 mt3SVzpIdtCaJdGiMYkD7ePf2mKDDluSH_HWgiLzy-B5diH-5JKtwHVMmxoaLbG4lzoCdo

    URL

    Parameter Example Value Description
    response_type code id_token The OAuth flow type being used
    client_id c1d81a9a-609a-47be-9363-8fa038b987da The Client ID of your application registered in the developer portal
    State 12345 The state as specified by the TPP
    scope openid accounts The scope being requested
    redirect_uri

    https://example.com/redirect

    		 The redirect URL of the application registered in the developer portal. This must match the redirect URL from your software statement on the Open Banking Directory.
    nonce 4987594875485-j The nonce as specified by the TPP
    request

    eyJhbGciOiJSUzI1NiIsImtpZCI6Ikd4bElpd 2lhblZxc0R1dXNoZ2pFME9UVXhPVGsif Q.eyJpc3MiOiJodHRwczovL2FwaS5hbHB oYWJhbmsuY29tIiwiYXVkIjoiczZCaGRSa 3F0MyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlI GlkX3Rva2VuIiwiY2xpZW50X2lkIjoiczZCa GRSa3F0MyIsInJlZGlyZWN0X3VyaSI6Im h0dHBzOi8vYXBpLm15dHBwLmNvbS9jYi IsInNjb3BlIjoib3BlbmlkIHBheW1lbnRzIGFj Y291bnRzIiwic3RhdGUiOiJhZjBpZmpzbG RraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiw ibWF4X2FnZSI6ODY0MDAsImNsYWltcyI 6eyJ1c2VyaW5mbyI6eyJvcGVuYmFua2lu Z19pbnRlbnRfaWQiOnsidmFsdWUiOiJ1c m46YWxwaGFiYW5rOmludGVudDo4OD M3OSIsImVzc2VudGlhbCI6dHJ1ZX19LC JpZF90b2tlbiI6eyJvcGVuYmFua2luZ19pb nRlbnRfaWQiOnsidmFsdWUiOiJ1cm46Y WxwaGFiYW5rOmludGVudDo4ODM3OSI sImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6ey Jlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI 6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjp zY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHN kMjpjYSJdfX19fQ.ehVeTgyYW7w9Gbbwp 53h5JyghKc_KV3XU8vSkioJEiTRHj4dUmvjlleLb 7GcohKBI7wHULjQjRTam1Zds_WAtiH2b k86YNQalzf9mt3SVzpIdtCaJdGiMYkD7e Pf2mKDDluSH_HWgiLzy-B5diH5JKtwHVMmxoaLbG4lzoCdo

    This is an OIDC request object containing a claim identifying the accounts that needs to be authorized. To modify it to support your test scenario use the debugger at https://jwt.io

     

    Follow the UI flow and at the end of the flow take note of the authorization code and id token appended to the URL (e.g. https://example.com/redirect?code=xxxxxxxxxxxxx&id_token=xxxxxxxxxx).

  4. Validate the c_hash and the s_hash of the ID Token

    At this point, you will now introspect the ID Token and use it as a detached signature to check:

    • The hash of the Authorization Code to prove it hasn't been tampered with during redirect (comparing the hash value against the c_hash attribute in ID Token)

    • The hash of the state to prove it hasn't been tampered with during redirect (comparing the state hash value against the s_hash attribute in the ID Token)

    Also validate the signatures using the Lloyds Banking Group public key obtained from the OBIE.

  5. Get the Access Token required to access the Account

    Following the OAuth2.0 protocol, you now exchange the access code for the access token required for step 6.

    For Authentication methods – tls_client_auth:

    curl -k -v \

    --key ./22uobbpbcf1ztrsvxfoaj4.key \

    --cert ./22uobbpbcf1ztrsvxfoaj4_open_banking_test_issuing_ca_.pem \

    --compressed \

    -X POST \

    -d 'client_id=c1d81a9a-609a-47be-9363-

    8fa038b987da&grant_type=authorization_code&redirect_uri=https://example.com/redirect&cod e=gktvoeyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBMV81Iiwia2lkIjoicTQtMjAxNy1tMi 1ib3MifQ.cB1t7tqgnQ_5Mu0XH2yR3oPfF_8HgrHi7uVSZY67Z77Qu-8K9c_6FVASDyoa-9O0Yi5f XqKMua_FrGveJ1Jur715HNqVaVPrR9v1M3akH8J92Af7nxED1R3647jKeftBkvy89h58 98Aexa6q1nMAsFL9N0W-

    5239ztqzNY00Qys4EfqEdKyyUZYvTRcgg0Z8Snw9c4_J48twgHY4DLl5DvGjekPPlLCEe-YebWgIUcb21z8JCudJKFnvQoZNryiT0oYbBeuu_7IVAUzJPvG5KiicnczWssgGX2WRTAj2-i6OGVcOcRpjcdE0RNKLwbBC2q9-HiD9_plMr5VjrkFn9A.9JwONmpP8iZKJh4sXdOskw.3cr4SulCTjU0tSzMrvp3K4zfbJ6t4bXkaq6v 9V-qvnnkGg7Pm8Vwfi906kALBpL3m5FKh19XV1mL7miQonlgRXbeHehkmG7IU-dXmq-suJnb-y4WCSFkHhZDYh2wsxDVY_l9BRZOyknSPjqdorlnwOnZRU0PALwPWhBB3BQFrRxaNLIAETv qjMMmTZssadVt9lZ10DFbfIsGIE78B8pkg-hoHdmFpXVCadnq8JgKi8knwKmUJ6bZqyfZbyR2isXvlAc5Bx1C5VK7png2fw0nPTUBt7H9euU 2gy-UsKo6OInJeDwHpxkQDFM8GFZyMOXyjEae6Zozj4pXAyHAmdKfFwy1Kbv2jyUXq4FCeQHph I 4wKvhgSNOVvA_asOExj8DlGPaIgzphMKseXmKTzWMpv3gRsmIGdZvH7lMhGsq7EZnlheYW UK3f MymJCQXu7jzEBP7DsJfNsCG6S9yG8Aih72_mrAvXjXEU_pqqbL6d8gWJJ4mnwIln-VxBxyO0M759VNgTw4tP93rNAjiPmJGwHQrtBxmg5lR-ET2oxTF_LyZWYFyVmIOiEPwabfvTrZxpcdwTRJK_mXfYGeWABxEZZXlZE7pWHoxusxRdnyl en4s35MHcZjWjCa8DddglkngYAF8l6otGyeuRZqHN6cu32uH5zHx9Z7E_rZmXT3h_uu9QK-

    lfhIIaCr8OWMOrDOL.0HPU-Bu1wR8RYCq-5QV0tQ' \

    {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \

    URL

    Parameter Example Value Description
    secure-domain

    OBWAC:

    https://secure-api.lloydsbank.com/

    OBWAC, QWAC:

    https://secure-api-eidas.lloydsbank.com/

    Please refer to the Other Useful Information section for all brand specific domains
     

    Certs

    Parameter Example Value Description
    CACert Combination of Root & Intermediate Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.
     

    Body

    Parameter Example Value Description
    client_id c1d81a9a-609a-47be-9363-8fa038b987da Client ID of your application registered in the developer portal
    grant_type

    Example Value:

    authorisation_code

    Description:

    The grant type being requested
    redirect_uri

    https://example.com/redirect

    		 The redirect URL which must match that of the application registered in the developer portal
    code

    gktvoeyJlbmMiOiJBMTI4Q0JDLUhTMjU2I iwiYWxnIjoiUlNBMV81Iiwia2lkIjoicTQtMjA xNy1tMi1ib3MifQ.cB1t7tqgnQ_5Mu0XH2y R3oPfF_8HgrHi7uVSZY67Z77Qu8K9c_6FVASDyoa9O0Yi5fXqKMua_FrGveJ1Jur715HNqVaV PrR9v1M3akH8J92Af7nxED1R3647jKeftB kvy89h5898Aexa6q1nMAsFL9N0W5239ztqzNY00Qys4EfqEdKyyUZYvTRcgg 0Z8Snw9c4_J48twgHY4DLl5DvGjekPPlL CEeYebWgIUcb21z8JCudJKFnvQoZNryiT0oY bBeuu_7IVAUzJPvG5KiicnczWssgGX2W RTAj2- i6OGVcOcRpjcdE0RNKLwbBC2q9- HiD9_plMr5VjrkFn9A.9JwONmpP8iZKJh4 sXdOskw.3cr4SulCTjU0tSzMrvp3K4zfbJ6t 4bXkaq6v9VqvnnkGg7Pm8Vwfi906kALBpL3m5FKh19 XV1mL7miQonlgRXbeHehkmG7IU-dXmqsuJnby4WCSFkHhZDYh2wsxDVY_l9BRZOykn SPjqdorlnwOnZRU0PALwPWhBB3BQFrR xaNLIAETvqjMMmTZssadVt9lZ10DFbfIsG IE78B8pkghoHdmFpXVCadnq8JgKi8knwKmUJ6bZq yfZbyR2isXvlAc5Bx1C5VK7png2fw0nPTU Bt7H9euU2gyUsKo6OInJeDwHpxkQDFM8GFZyMOXyj Eae6Zozj4pXAyHAmdKfFwy1Kbv2jyUXq4 FCeQHphII4wKvhgSNOVvA_asOExj8DlG PaIgzphMKseXmKTzWMpv3gRsmIGdZv H7lMhGsq7EZnlheYWUK3fMymJCQXu7j zEBP7DsJfNsCG6S9yG8Aih72_mrAvXjX EU_pqqbL6d8gWJJ4mnwIlnVxBxyO0M759VNgTw4tP93rNAjiPmJGw HQrtBxmg5lRET2oxTF_LyZWYFyVmIOiEPwabfvTrZxp cdwTRJK_mXfYGeWABxEZZXlZE7pWHo xusxRdnylen4s35MHcZjWjCa8DddglkngY AF8l6otGyeuRZqHN6cu32uH5zHx9Z7E_r ZmXT3h_uu9QKlfhIIaCr8OWMOrDOL.0HPUBu1wR8RYCq-5QV0tQ

    The authorisation code retrieved in step 3
     

    Take note of the access token and ID Token in the response data.

  6. Validate the at_hash of the ID Token

    At this point, you will now introspect the ID Token and use it as a detached signature to check:

    • The hash of the access token to prove it hasn't been tampered with during redirect (comparing the hash value against the at_hash attribute in ID Token)

    Also validate the signature of the ID Token using the Lloyds Banking Group public key obtained from the OBIE.

  7. Get Accounts

    You can use the Access Token to retrieve Accounts (bulk or specific). The following examples are from the Account and Transaction API Specification.

    Where the initial Access Token expires, you must obtain a new Access Token.

    curl --request GET \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --carcert ./root-ca.pem \

    --compressed \

    --url {secure-domain}/prod01/lbg/lyds/open-banking/v3.1/aisp/accounts \

    --header 'accept: application/json; charset=UTF-8' \

    --header 'authorization: Bearer gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6InE0LTIwMTctbTEtYm9zIn0.eyJpc3MiOiJsbG95ZHMiLCJ wcml2YXRlIjoiQUFJa01ETTVOREptWlRVdE9HTmlNaTAwTnpWbUxXSXdNVEl0TkRneVpqTT BaVEV4WXpJNXFhRWU5Z0RCQnAwbjBRQU9xRXo4Ti16UTYwbUhPOFZHU1BQTGhkajdzY jFMYV9wX05mYmJkSnQySHRZc0QyakRXMHdYaS13ZVhZV2s5aHhPSWZrb0d3dE9OamZo SU56RFMtYWFxLVlhaW1OWmFQbDMtd1MzUFdva0I0OG5WZW4wMF81NGczeU1zMEhlMk VhdUVhcEZlX3hTeEFRVGt2Q2NHWnhyRmRaWDVHRm9FUEh3UEFjUnptSWhpZ3NZczNiRn RsWkVmR0V3dURTU1V0SWpRQVAzU1ZNNmJxd1ZJQThab3hwazVvRnptWEJLMUl1dHppS 0pMX0IwN0ZhYldHOE5qaWtUWHREcXFudDNLbVVhNjVac2dGT3BZT2VUQUFXTkdmdnBK MDhZRnV2MnhvOVRjcmRlejYxdjZCSFBaZkdpLW9tMF9BUjk5NnZRSDJqOTZONE5XM0lNM 0VIWGpVZG9lMWpoU0ZpcTc4eGhxWXU5MENicHhnSDJ4eng1Y2h6QlN1WHJNalY2VnVSZ2 ZMMUZoRXNZRjlTY1FKQlRuNmlIVjhLODZDQ0RtZGJuZjFGQjVybTNQWkZFdFZid0RCYmhB dmhQeXI4bkp6ei1lZkJnVzBrcWNnIn0.dmev3qQ4I14Vgps9Z7rjAJn31Zsepw8m15GWCqeSHL OvlGvbi2RS_uUdDpKAQg3aUpSvJUbffLP0RfG4RVLlYVI2vPlSKzO9L1eHZj7QM_S7p03g1cX CFowZye8IgWolBsVNd4MOIq9rQWHW3ywrS8Fx9S9tum7wIvn8tqIluQqLRa5c-oKthWW5uz66M8IHfrigeMCOYWsboG5uF0aKni20C1sLHGFWMDZU1M3n25bV0AZh7INvDoB 7EloIgr8IQiOZj0BSPKNtIDMGTXlixM8uVlW6eUJS3Z9dgvO7' \

    --header 'x-fapi-customer-ip-address: REPLACE_THIS_VALUE' \

    --header 'x-fapi-customer-last-logged-time: REPLACE_THIS_VALUE' \

    --header 'x-fapi-financial-id: REPLACE_THIS_VALUE' \

    --header 'x-fapi-interaction-id: REPLACE_THIS_VALUE'

    URL

    Parameter Example Value Description
    secure-domain

    OBWAC:

    https://secure-api.lloydsbank.com

    OBWAC, QWAC:

    https://secure-api-eidas.lloydsbank.com/

    Please refer to the Other Useful Information section for all brand specific domains
     

    Certs

    Parameter Example Value Description
    CACert Combination of Root & Intermediate Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.
     

    Headers

    Parameter Example Value Description
    authorization

    Bearer
    gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6InE0 LTIwMTctbTEtYm9zIn0.eyJpc3MiOiJsbG9 5ZHMiLCJwcml2YXRlIjoiQUFJa01ETTVO REptWlRVdE9HTmlNaTAwTnpWbUxXSX dNVEl0TkRneVpqTTBaVEV4WXpJNXFh RWU5Z0RCQnAwbjBRQU9xRXo4Ti16UT YwbUhPOFZHU1BQTGhkajdzYjFMYV9w X05mYmJkSnQySHRZc0QyakRXMHdYa S13ZVhZV2s5aHhPSWZrb0d3dE9OamZ oSU56RFMtYWFxLVlhaW1OWmFQbDMt d1MzUFdva0I0OG5WZW4wMF81NGcze U1zMEhlMkVhdUVhcEZlX3hTeEFRVGt2 Q2NHWnhyRmRaWDVHRm9FUEh3UEFj UnptSWhpZ3NZczNiRnRsWkVmR0V3dU RTU1V0SWpRQVAzU1ZNNmJxd1ZJQTh ab3hwazVvRnptWEJLMUl1dHppS0pMX0I wN0ZhYldHOE5qaWtUWHREcXFudDNL bVVhNjVac2dGT3BZT2VUQUFXTkdmdn BKMDhZRnV2MnhvOVRjcmRlejYxdjZCS FBaZkdpLW9tMF9BUjk5NnZRSDJqOTZ ONE5XM0lNM0VIWGpVZG9lMWpoU0Zp cTc4eGhxWXU5MENicHhnSDJ4eng1Y2h 6QlN1WHJNalY2VnVSZ2ZMMUZoRXNZ RjlTY1FKQlRuNmlIVjhLODZDQ0RtZGJuZ jFGQjVybTNQWkZFdFZid0RCYmhBdmh QeXI4bkp6ei1lZkJnVzBrcWNnIn0.dmev3q Q4I14Vgps9Z7rjAJn31Zsepw8m15GWCq eSHLOvlGvbi2RS_uUdDpKAQg3aUpSvJ UbffLP0RfG4RVLlYVI2vPlSKzO9L1eHZj7 QM_S7p03g1cXCFowZye8IgWolBsVNd4 MOIq9rQWHW3ywrS8Fx9S9tum7wIvn8tq IluQqLRa5coKthWW5uz66M8IHfrigeMCOYWsboG5u F0aKni20C1sLHGFWMDZU1M3n25bV0A Zh7INvDoB7EloIgr8IQiOZj0BSPKNtIDMG TXlixM8uVlW6eUJS3Z9dgvO7- LxJrphDeg26ZrYQyMFDxVXjA8VmP2KB 0lnDggbvLwrHkw

    The token obtained in step 5
     

REFRESH TOKEN

When the TPP makes the token call to exchange the Access code for Access token using Authorization Code Grant Type, they get back a Refresh Token in addition to the Access Token. This Refresh Token is valid for 365 days and Access Token itself is valid for 90 days . TPPs will need to ensure that they make the token call with Refresh Token Grant Type to exchange the Refresh Token to get a new Access token and Refresh token before the existing Refresh Token expires to avoid customer having to complete a re-authentication journey. Refresh tokens are one time use tokens and each time the TPP uses it, they will receive a new set of Access and Refresh tokens.

Refresh Token is only available for consumers of Accounts and Transactions, Confirmation of Funds, and Variable Recurring Payment APIs.

curl -k -X POST \

--key ./private-cert.key \

--cert ./public-cert.pem \

--cacert ./ca-cert.pem \

--url {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \

--header 'accept: application/json' \

--header 'cache-control: no-cache' \

--header 'content-type: application/x-www-form-urlencoded' \

--data 'grant_type=refresh_token&client_id=c1d81a9a-609a-47be-9363-8fa038b987da&refresh_token=AAImRuf QlWgaSyEiT6aw-0MhiivaI5daPew3iL9ulWrYkcHVZ-ZutghJ86mRdxLL6NuKKswePJwGWYqXR21TtqETu-v0Xeov1iqJrHiqYFP65pwh6FUbIdTG3nLJ5MKAzmCda6ZfCBW6gYo0eGKBd-qBC9CU35WV8zLLWtSXk83IGuvYtJemxUyh1P_vpNGEQXzMfCr7K4jiJmqyuETT-FyLRPv495gvPAszcyDfHCciYvaQTgfiCcmvI_WOa6kImepD87Bcep1DHbV8dm6wcPSXxkbmT kw2UsNgpWhkNAGKjzvkgt7LW2akF0IizRLFtpyV-CbgiTw2yBeBR_kRMHTT6vR7yzZgLzWAgWHIqOSxPEbaAHW6uIeZgcfSb4CkURs251sxeQtn udJRFywd-0PQxNHweVBu9mDmlogGCF_PvmMb71OwyAGBBlm7oTGd4afIS_h0-i5_ByNtnBhu_d4sn0U2cN'

URL

Parameter Example Value Description
secure-domain

Example Value:

OB Transport, OBWAC:

https://secure-api.lloydsbank.com

OBWAC, QWAC:

https://secure-api-eidas.lloydsbank.com/

Please refer to the Other Useful Information section for all brand specific domains
 

Certs

Parameter Example Value Description
CACert

Combination of Root & Intermediate

 Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
 

Data

Parameter Example Value Description
grant_type refresh_token The grant type being requested
client_id c1d81a9a-609a-47be-9363-8fa038b987da The Client ID of your application registered in the developer portal
refresh_token AAImRufQlWgaSyEiT6aw0MhiivaI5daPew3iL9ulWrYkcH VZZutghJ86mRdxLL6NuKKsweP JwGWYqXR21TtqETuv0Xeov1iqJrHiqYFP65pwh6FU bIdTG3nLJ5MKAzmCda6ZfCB W6gYo0eGKBdqBC9CU35WV8zLLWtSXk83I GuvYtJemxUyh1P_vpNGEQXz MfCr7K4jiJmqyuETTFyLRPv495gvPAszcyDfHCciY vaQTgfiCcmvI_WOa6kImepD8 7Bcep1DHbV8dm6wcPSXxkb mTkw2UsNgpWhkNAGKjzvkgt 7LW2akF0IizRLFtpyVCbgiTw2yBeBR_kRMHTT6vR 7yzZgLzWAgWHIqOSxPEbaA HW6uIeZgcfSb4CkURs251sxe QtnudJRFywd0PQxNHweVBu9mDmlogGCF _PvmMb71OwyAGBBlm7oTG d4afIS_h0- i5_ByNtnBhu_d4sn0U2cN' Refresh token received with the previous Access token
 

CUSTOMER CONSENT

Consent Authorise Endpoints

The below table describes all the Authorisation endpoints required to initiate the customer consent process. Consent authorisation endpoints are segment and brand specific e.g. https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/personal/mtls-token-api/v1.1/authorize is for the Lloyds brand and the Retail segment

Segment Segment specific authorise_endpoint
Personal

For Authentication method tls_client_auth:

Lloyds Bank

https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/personal/mtls-token-api/v1.1/authorize

Bank of Scotland

https://authorise-api.bankofscotland.co.uk/prod01/lbg/bos/personal/mtls-token-api/v1.1/authorize

Halifax

https://authorise-api.halifax-online.co.uk/prod01/lbg/hfx/personal/mtls-token-api/v1.1/authorize

MBNA

https://authorise-api.mbna.co.uk/prod01/lbg/mbn/personal/mtls-token-api /v1.1/authorize
Business

For Authentication method tls_client_auth:

Lloyds Bank

https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/business/mtls-token-api/v1.1/authorize

Bank of Scotland

https://authorise-api.bankofscotland.co.uk/prod01/lbg/bos/business/mtls-token-api/v1.1/authorize
Commercial

For Authentication method tls_client_auth:

Lloyds Bank

https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/commercial/mtls-token-api/v1.1/authorize

Bank of Scotland

https://authorise-api.bankofscotland.co.uk/prod01/lbg/bos/commercial/mtls-token-api/v1.1/authorize

Note: App to App functionality is not supported for Lloyds Bank and Bank of Scotland Commercial customers.
 

Customer Consent Variations

There are several important implementation variations relating to our customer consent process that TPPs should be aware of. These are detailed in the table below:

Exception Description
Re-authorisation of consent

Article 10A exemptions will apply; this means for an active consent no further SCA is required for balance and transaction requests. LBG will apply SCA if requested by the AISP for the purpose of responding with transaction data sets beyond 90 days and/or other AIS endpoints (other than balance), or where objective reasons allow LBG to ‘step-up’ such as fraud management.

When an access token, which has a validity of 90 days, expires, then the TPP can request for a new access token by using a refresh token that is issued along with the access token when a consent is authorised. The customer will not be required to do a reauthentication for the TPP to get a new access token.

However, if the refresh token, which has a validity of 365 days, is also expired, then the TPP will need to initiate a reauthentication to get a fresh set of access and refresh tokens.

Please note:

When an account is closed, it can take up to 24hrs for the account holding record to b e fully updated to all of our systems. During this period of synchronisation, it is technically possible for a customer to initiate a re-authentication, however given the actual account is closed we will not share balance or transaction data, nor would it be possible to execute a payment.
Customer journey timeouts The timeout period for a customer undertaking an AISP, a PISP or a CoF journey is 20 minutes from the start of session, however the timeout also happens in case of 10 minutes of inactivity during this 20 minutes period. At the point of the timeout, the user will be redirected to the bank’s public site.
Abandoned customer journeys If during an AISP, a PISP or a CoF journey, a customer closes the browser by mistake, the customer will have to start the journey afresh with the TPP.
Suspended customer consents We are able to suspend and reactivate customer consents to TPPs, on a customer's behalf.

Redirect Errors

As per the OBL requirement for V4.0, whenever an error occurs when a PSU is redirected to ASPSP to complete authentication and there is an error, ASPSP will return error_description in the ISO code format along with the error in the redirect URL. This is an optional requirement from OBL.

Example of Current redirect url

Redirect_URI#state=stateFromRequest&error={{}}

Redirect_URI#state=stateFromRequest&error=access_denied

Example of Redirect url going forward

Redirect_URI#state=stateFromRequest&error={{}}&error_description={{}}

Redirect_URI#state=stateFromRequest&error=access_denied&error_description=U033

As defined in OBL requirement ISO code - U033 = Authorisation failed

 

APP TO APP

The following section contains useful information for TPPs who wish to initiate App to App re-direction for Lloyds Banking Group Mobile apps.

OVERVIEW

App to App enables TPPs to the initiate the Authorisation and Consent journey via the Lloyds Banking Group Personal and Business Banking mobile applications. This allows the TPP to redirect a user from the TPP application (in a mobile web browser or mobile app) to the Lloyds Banking Group mobile application installed on the user’s device and deep link the user into the Lloyds Banking Group mobile application login screen. The user is then authenticated on their Lloyds Banking Group mobile application using the same credentials/methods as normally used when the user logs into their account using the application (e.g. biometric). In the scenarios where the user does not have the Lloyds Banking Group mobile application installed, they will be redirected to the Lloyds Banking Group browser journey as normal. In the scenarios where the user does not have the Lloyds Banking Group mobile application installed, they will be redirected to the Lloyds Banking Group browser journey as normal.

APP TO APP IMPLEMENTATION

There is no additional changes required by the TPP to implement App to App. The consent authorisation endpoints listed in Section 7 will automatically re-direct customers to the relevant Lloyds Banking Group mobile app. If TPPs support a desktop journey only then the authorisation endpoints in Section 7 will continue to re-direct customers to the Lloyds Banking Group desktop consent authorisation journey.

App to App Variations

Notable implementation variations relating to App to App and Browser to App.

Commercial Journeys App to App functionality is not supported for Lloyds Bank and Bank of Scotland Commercial customers.
Android Users When non-Chrome browsers (like Samsung browser or Firefox browser) are used to perform the journey and/or are default browsers in the phone, they don’t let the universal link open the native application, even if the native application is already installed. They force the user to stay in the browser journey. To enable the journey to continue in the native app, “Open links in native app” setting must be enabled in these browsers or Chrome browser, which always works with universal links, should be used.
 

ACCOUNT AND TRANSACTION SERVICES

This section provides an overview of how to use our Account and transaction Services APIs. It is intended to help AISPs integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Account and Transaction API Specification can be found here: v3.10 and v4.0
  • API Products can be found here : here

Account and Transaction Scope

The below table details the Account and Transaction Services that are supported by Lloyds Banking Group across our Channels and Products.

These are available to use to request Account and Transaction from Current and Savings accounts on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand for Retail Credit Cards.

Account and Transaction Endpoints Retail Business Commercial
Current Account Savings Account Credit Cards Current Account Savings Account Credit Cards Current Account(Sterling) Current Account(Non-Sterling)
Account Access Consent
Accounts
Balances
Transactions
Beneficiaries(Domestic)    
Beneficiaries(International)        
Direct Debit
Standing Order      
Products        
Offers            
Parties  
Schedule Payments    
Statements        

Account Access Consent Variations

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name Current Accounts Saving Accounts Credit Cards Accounts
OBReadConsesntResponse1.Data
ConsentId
Account Request Id  
Status
CreationDateTime
StatusUpdateDateTime
Permissions
ExpirationDateTime
TransactionFromDateTime
TransactionToDateTime

ACCOUNTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name Current Accounts Saving Accounts Credit Cards
Data.Account
AccountId
Currency  
AccountCategory
AccountTypeCode
Maturity Date    
NickName  
Opening Date
SwitchStatus    
Data.Account.Account
SchemeName
Identification
Name

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
GET /accounts
GET /accounts/{AccountId}

Field name “SwitchStatus”

Field will be returned and populated with the value UK.CASS.SwitchCompleted only when an account has been switched out to a different bank. Applicable for retail and business current accounts.
GET /accounts
GET /accounts/{AccountId}

Field name “Name”

The account name displayed for different customer segments are given below

  • Retail: This will be the name of the person who owns the account.
  • Business (O4B): This field will be the legal entity name of the business that owns the account.
  • Commercial (CBO): This will be the name that the account holder gave the account when they opened the account.

BALANCES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name Current Accounts Saving Accounts Credit Cards
Data.Account
AccountId
CreditDebitIndicator
DateTime
Type
Data.Balance.Amount
Amount
Currency
Data.Balance.CreditLine
Included
Type
Data.Balance.CreditLine.Amount
Amount
Currency

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
GET /accounts/{AccountId}/balances

High Cost of Credit: Field name “Type”

Due to High Cost of Credit (HCC) regulatory requirements the ‘Available’ balance (balance including pending transactions) returned by the /balance endpoint will no longer include the pre-agreed credit (overdraft) the account may have. The ‘Available’ balance shown to the customer in the PISP consent journeys will also change in line with these requirements. In addition, to align with our online channels we will be removing the ‘Credit’ and ‘Available’ optional fields from the Credit line sub section of the /balance endpoint. These changes will only apply to PCAs and BCAs
GET /accounts/{AccountId}/balances

Field name “Amount”

The credit line amount returned for commercial customers who are registered for LBG CBO (Commercial Banking Online) channel are of advisory value only as it may not reflect the complex overdraft and credit facilities available to these customers.

TRANSACTIONS\ VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name Current Accounts Saving Accounts Credit Cards
Data.Transaction
AccountId
TransactionReference
Amount
Currency
CreditDebitIndicator
Status
BookingDateTime
ValueDateTime
TransactionInformation
AddressLine  
Data.Transaction.Amount
Amount
Currency
Data.Transaction.BankTransactionCode  
Code  
SubCode  
Data.Transaction. ProprietaryBank TransactionCode
Code
Issuer
Data.Transaction. Balance  
Amount  
Currency  
CreditDebitIndicator  
Type  
Data.Transaction. MerchantDetails  
MerchantName  
MerchantCategoryCode  
Data.Transaction. CardInstruments    
CardSchemeName    
Authorisation Type    

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
/account/{AccountID}/Transactions

Transactions exception

For the following transaction there will be two records provided to TPP:

  • Cheque transactions (identified by Transaction Code "CHQ") that are currently pending.
  • Combined Cash + Cheque transactions (identified by Transaction Code "DEP") where the cheque amount is currently pending

A "pending" record - for this record LBG will apply the "Value Date" to the "Booking Date" field.

A "booked" record - for this record LBG will apply the "Booking Date" to the "Value Date" field.
/account/{AccountID}/Transactions

Partial Transactions

No partial transaction data will be provided to TPPs. Instead, the TPP will be sent a 400 response.
/account/{AccountID}/Transactions

Transaction reference

"TransactionReference" will only be provided for posted transactions that have Transaction Code "FPO".
/account/{AccountID}/Transactions

Transaction date and Time

Though we comply to the full ISO date time formats, Transaction “from” and “To” booking dates with time segment set can be subject to date roll which could affect the set of transactions served
/account/{AccountID}/Transactions

Credit card Transactions

Credit cards only

Transactions are returned in a reversed chronological order. However, if the statement is created with payments pending, they will be posted in the following statement period and may appear out of sequence

Business Credit card

In addition to credit cards, for business credit card posted transaction, which are posted will be displayed starting with Primary card transactions followed by Subsidiary cards transactions and transactions within Primary card and subsidiary card will be displayed in reverse chronological order.
/accounts/{AccountId}/Transactions

Merchant category code

The merchant category code for balance transfer and money transfer will not be returned to the TPP as these are used only for internal processing.

BENEFICIARIES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.Beneficiary
AccountId
BeneficiaryId
Reference
Data.Beneficiary.SupplementaryData
Data.Beneficiary.CreditorAccount
SchemeName
Identification
Name
Data.Beneficiary.CreditorAgent
SchemeName
Identification
Name
Data.Beneficiary.CreditorAgent.PostalAddress
Country
AddressLine
Data.Beneficiary.SupplementaryData

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
/accounts/{AccountId}/beneficiaries

Display order for beneficiaries

Beneficiaries are returned in the following order

  • Domestic beneficiaries
  • International beneficiaries
  • BACS beneficiaries

Domestic beneficiaries will be displayed in one page. When the last domestic beneficiary is displayed or where no domestic beneficiaries are available, selection of the next link will display international beneficiaries where available. When the last international beneficiary is displayed or where no international beneficiaries are available, selection of the next link will display BACS beneficiaries where available. Once the last record is displayed or where no record is available, the next link will not be presented

The beneficiaries endpoint response may include the same beneficiary listed under both domestic and BACS beneficiaries for a given Account ID.
/accounts/{AccountId}/beneficiaries

Beneficiary postal address

This will contain the Beneficiary Address for the International Beneficiaries
/accounts/{AccountId}/beneficiaries

Field name “Name”

Name of the account, as assigned by the account servicing institution, in agreement with the account owner to provide an additional means of identification of the account.

Usage: The account name is different from the account owner name. The account name is used in certain user communities to provide a means of identifying the account, in addition to the account owner's identity and the account number.
/accounts/{AccountId}/beneficiaries

Field name "SchemeName”

Name of the identification scheme, in a coded form as published in an external list
/accounts/{AccountId}/beneficiaries

Beneficiary

This includes Domestic, BACS and International beneficiaries for Commercial accounts.

All beneficiaries returned in this endpoint are “trusted” beneficiaries.

DIRECT DEBITS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.DirectDebit
AccountId
DirectDebitStatusCode
Name
PreviousPaymentDateTime
Data.DirectDebit.MandateRelatedInformation
MandateIdentification
Data.DirectDebit.MandateRelatedInformation.Frequency
Type
Data.DirectDebit.PreviousPaymentAmount
Amount
Currency

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
GET/accounts/{Accountid}/direct- debits

Commercial CBO

Maximum of 500 direct debit for commercial (CBO) customers per account are returned. For more information about Direct Debits not shown please visit our Support Centre.

STANDING ORDERS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.StandingOrder
AccountId
NextPaymentDateTime
StandingOrderStatusCode
Data.StandingOrder.CreditorAccount
SchemeName
Identification
Name
Data.StandingOrder.CreditorAgent
SchemeName
Identification
Name
Data.StandingOrder.FinalPaymentAmount
Amount
Currency
Data.StandingOrder.FirstPaymentAmount
Amount
Currency
Data.StandingOrder.MandateRelatedInformation.Frequency
Type
Data.StandingOrder.NextPaymentAmount
Amount
Currency
Data.StandingOrder.RemittanceInformation

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
GET /accounts/{AccountId}/standing-orders

Commercial CBO

Maximum of 500 standing orders for commercial (CBO) customers per account. For more information about Standing Orders not shown please visit our Support Centre.

PRODUCTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.Product
ProductId
ProductName
SecondaryProductId
Data.Product.PCA.ProductDetails
ProductDetails
CreditInterest
Overdraft
CreditInterest.TierBandSet
TierValueMax
OtherFeesCharges
Data.Product.BCA.ProductDetails
CreditInterest
Overdraft
OtherFeesCharges
Data.Product.OtherProducts Type
OtherProductType
Name
Description
MaturityDate
Data.Product.BCA.CreditInterest
Calculation Method
Destination
TierValueMaximum
DepositInterestAppliedCoverage
BankInterestRateType
BankInterestRate (O)

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Supplementary product information

Supplementary product information and links to Terms and Conditions are provided in ‘Notes’ field. This contains important details about conditions that apply to accounts, and about thresholds for credit interest

This data should be published alongside product details to ensure that products are presented clearly and do not mislead customers

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Segment field

Optional “Segment” field is provided for PCA only to help provide account comparison.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

Overdraft

Details of overdrafts will only be published if the customer currently uses the overdraft facility available on their account

Details about overdraft rates, fees & charges. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

CreditInterest

Details about the interest that may be payable to the PCA, BCA account holders. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

TierBandMethod

The methodology of how overdraft is charged. It can be

  • 'Whole’ Where the same charge/rate is applied to the entirety of the overdraft balance (where charges are applicable).
  • 'Tiered' Where different charges/rates are applied dependent on overdraft maximum and minimum balance amount tiers defined by the lending financial organisation.
  • 'Banded' Where different charges/rates are applied dependent on overdraft maximum and minimum balance amount bands defined by a government organisation.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “TierValueMin”

Minimum value of Overdraft Tier/Band

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “TierValueMax”

Maximum value of Overdraft Tier/Band

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “EAR”

EAR means Effective Annual Rate and/or Equivalent Annual Rate (frequently used interchangeably), being the actual annual interest rate of an Overdraft.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

OtherFeesCharges

Contains details of fees and charges which are not associated with either borrowing or features/benefits. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

OtherProductType

Other Product type will contain only Savings accounts. The values returned will be either Personal Savings Account or Business Savings Account.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

TierBandMethod

The methodology of how credit interest is paid/applied.

  • Whole (INWH) - The same interest rate is applied irrespective of the PSA/BSA balance.
  • Tiered (INTI) - Interest rates are tiered i.e., increasing rate for each tier as balance increases, but interest paid on tier is fixed for that tier and not on whole balance.
  • Banded (INBA) - Interest rates are banded i.e., increasing rate on whole balance as balance increases

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Name”

Long name associated with the product

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Description”

Description of the Product associated with the account

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “MaturityDate”

Maturity date for the account

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Calculation Method”

Methods of calculating interest.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Destination”

Describes whether accrued interest is payable only to the PSA/BSA or to another bank account.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “TierValueMinimum”

Minimum deposit value for which the credit interest tier applies.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “TierValueMaximum”

Maximum deposit value for which the credit interest tier applies.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Applicationfrequency”

How often interest is applied to the PSA/BSA for this tier/band i.e. how often the financial institution pays accumulated interest to the customer's PSA/BSA

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “DepositInterestAppliedCoverage”

Amount on which interest is applied

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “FixedVariableInterestRateType”

Type of interest rate i.e. variable

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “AER”

The annual equivalent rate (AER) is interest that is calculated under the assumption that any interest paid is combined with the original balance and the next interest payment will be based on the higher account balance. Overall, this means that interest can be compounded several times in a year depending on the number of times that interest payments are made.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “BankInterestRateType”

Interest rate types, other than AER, which financial institutions may use to describe the annual interest rate payable to the PSA/BSA

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “BankInterestRate (O)”

Bank Interest for the PSA/BSA product

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Overdraft arrangements”

Lloyds Banking Group have provided supplementary product information in the ‘Notes’ field. This contains important details about conditions that apply to accounts.

This data should be published alongside product details to ensure that products are presented clearly and do not mislead customers.

Please find below the breakdown of the information provided and the section to which it applies:

“Please be aware:

The information provided reflects a normal Credit Interest arrangement.”

- Applies to: ‘CreditInterest’ array.

“Overdraft arrangement fees may apply.”

- Applies to: ‘Overdraft’ array. Due to technical constraints, Lloyds Banking Group are unable to provide account-specific data in relation to Overdraft arrangement fees.

“The first time you go overdrawn, without an agreed overdraft facility, or exceed your agreed limit with us by £50 or more, you may be charged an Unauthorised Borrowing Fee (UBF) of £15. After that, the UBF is applied every time you increase your unauthorised borrowing by £50 or more from the previous day’s closing balance, unless a higher limit is agreed with us or until the account is within its existing limit or in credit.”

- Applies to: ‘Overdraft’ array. The above describes additional detail with regards to the application of the “UnauthorisedBorrowing” fee.

“The Account Monthly Fee provided is the standard value associated with this product.”

- Applies to: ‘OtherFeesCharges’ array.

- The above relates to the value provided as the “ServiceCAccountFeeMonthly” fee.

OFFERS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.Offers  
OfferId
OfferType
Description
StartDateTime
EndDateTime
Rate
Term

PARTIES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.Party
PartyType
Full Legal Name
Legal Structure

SCHEDULED PAYMENTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.ScheduledPayment  
ScheduledPaymentId
Reference
DebtorReference
Data.ScheduledPayment.CreditorAccount
Name

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description
/accounts/{AccountId}/scheduled payments

BACS schedule payments

BACS Scheduled Payments will be available for Lloyds Bank and Bank of Scotland business accounts only.

STATEMENTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name Current Available
Data.Statement
StatementId
StatementDescription
{StatementID}/File

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints Description

/accounts/{AccountId}/statements

/accounts/{AccountId}/statements/{StatementId}/file

In scope statements Endpoints

Lloyds Banking Group has implemented these two endpoints for statements
/accounts/{AccountId}/statements

Business Credit Card

CSV file is available only for the Business Credit Cards and for last 6 months.

PROPRIETARY BANK TRANSACTION CODES

Lloyds Banking Group supports the following Proprietary Bank Transaction Codes:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Proprietary Bank Transaction Code
Text Description
A-AAC
ACCRUE ANCILLARY CHARGES
A-AALT
TRANSFER OF PRODUCT/TARIFF WITH CHARGING
A-AB
AMEND AVERAGE BALANCE
A-ABL
AMEND ACTION BALANCE
A-AC
MORTGAGE ARREARS/CREDIT AMENDMENT
A-ACB
AMEND CLEARED AVERAGE BALANCE
A-ACC
AMEND ACCRUED CHARGES
A-ACD
AMEND AUTOMATED CREDIT DECISIONS
A-ACN
AMEND AMOUNT OF COINS
A-ACO
AMD CHQ & CREDIT BOOK PERSONALISATN DETS
A-ALT
TRANSFER OF PRODUCT/TARIFF WITHOUT CHGS
A-ANA
AMEND NAME/ADDRESS FOR ACCOUNT
A-ANT
AMEND AMOUNT OF NOTES
A-AUD
AMEND ACCOUNT USAGE DETAILS
A-BID
AMEND BESPOKE INTEREST DETAILS
A-BRI
AMEND EOD BALANCE REPORT INDICATOR
A-BT
AMEND BUSINESS TYPE
A-CBL
AMEND CREDIT BALANCE LIMIT
A-CCD
AMEND A/C ANNIV/CUS SELECTED DATE DETAIL
A-CCT
AMEND COUNT OF CREDIT TRANSACTIONS
A-CDCP
COMPROMISED PIN
A-CDO
ATM DEPOSIT ACCOUNT NUMBER ENQUIRY
A-CDT
AMEND COUNT OF DEBIT TRANSACTIONS
A-CGS
AMEND DEFERRED CHARGES
A-CHGD
AMEND CHARGEABLE DAYS
A-CNA
AMEND CUSTOMER NAME/ADDRESS
A-COW
AMEND COUNT OF WITHDRAWALS
A-CSR
APPLICATION RESULT REVERSAL
A-CT
AMEND CREDIT TURNOVER
A-CUD
AMEND CUSTOMER DECISION TRAILER
A-CUS
AMEND BASIC CUSTOMER DETAILS
A-DBL
AMEND SPEEDBANK PREFERENCE
A-DCD
CARD DETAILS AMENDMENT
A-DCL
AMEND BANKCARD LIMITS
A-DCR
ISSUE DEBIT CARD RENEWAL
A-DCVS
CARD LOST/STOLEN
A-DDC
DECLINE CARD
A-DDM
AMEND DIRECT DEBIT MANDATE
A-DEC
ACKNOWLEDGE DECLINE
A-DLW
AMEND DATE OF LAST WITHDRAWAL
A-DT
AMEND DEBIT TURNOVER
A-FBI
AMEND FAMILY BONUS INTEREST
A-FES
AMEND STOCK LEVEL
A-FMP
INTER CENTRE AUTOMATED DIRECT DEBIT
A-FO
AMEND FORMAL OVERDRAFT LOAN DETAILS
A-FOA
FORMAL OVERDRAFT AMEND
A-FOU
FORMAL OVERDRAFT LIMIT UPDATE
A-FTB
MORTGAGE FTB ADJUSTMENT
A-IC
AMEND ITEM COUNT
A-IDCP
ISSUE PIN
A-IGI
AMEND EARNED INTEREST - CAIS
A-IGO
AMEND OVERDRAFT INTEREST/CHARGES - CAIS
A-INS
AMEND INSURANCE INDICATOR
A-INT
AMEND EARNED INTEREST
A-INT
AMEND EARNED INTEREST (GENERATED)
A-INV
AMEND COUNTRY OF TRADING
A-IRC
INTEREST RATE/TAX RATE ADJUSTMENT
A-IRN
INTEREST RATE CHANGE NOTIFICATION
A-ISA
AMEND ISA DETAILS
A-IST
AMEND ISA TAX DETAILS
A-ITC
ISSUE TAX CERTIFICATE
A-ITM
ISSUE TESSA MATURITY CERTIFICATE
A-LB
AMEND LOWEST BALANCE
A-LFF
LOAN FULFILMENT
A-LIM
AMEND DEPOSIT/WITHDRAWAL LIMIT DETAILS
A-LIM
AMEND DEPOSIT/WDL & FOLLOW UP LIMITS
A-LIN
AMEND LIFE INSURANCE TYPE
A-LPD
AMEND LAST PASSBOOK PRESENTATION DATE
A-LTD
AMEND DATE OF LAST TRANSACTION
A-MAC
AMEND PERIODIC PAYMENTS OUT
A-MB
AMEND MINIMUM BALANCE
A-MBL
AMEND MAINTAINED BALANCE
A-MC
AMEND SUNRISE STATUS
A-MI
AMEND PERIODIC PAYMENTS IN
A-MKT
AMEND MARKETING CUSTOMER DETAILS
A-MNM
AMEND MINIMUM VALUE IN MONTH
A-MNP
AMEND MINIMUM VALUE IN PERIOD
A-MOR
AMEND MORTGAGE DETAILS
A-MPA
AMEND PROPERTY ADDRESS
A-MPI
AMEND PROPERTY INSURANCE
A-MWB
AMEND ACCOUNT MINIMUM WITHDRAWAL BALANCE
A-MXM
AMEND MAXIMUM VALUE IN MONTH
A-MXP
AMEND MAXIMUM VALUE IN PERIOD
A-NBG
AMEND NUMBER OF BANK GIRO CREDITS
A-NCQ
AMEND NUMBER OF CHEQUES
A-NIN
AMEND NATIONAL INSURANCE NUMBER
A-NIR
AMEND NOTIONAL INTEREST RATE
A-NMB
ACTIVATE NEW MONEY BONUS (SYSTEM)
A-NNT
AMEND NUMBER OF NOTES
A-NR
MORTGAGE NORMALISED PAYMENT ADJUSTMENT
A-NRD
NON RESIDENT DETAILS
A-ODC
ORDER CARD
A-ODI
AMEND ACCRUED/PRE-NOTIFIED OD INT CHGS
A-ODI
AMEND ACCRUED/PRE-NOTIFIED OD INT CHGS
A-OIC
AMEND ECONOMIC SECTOR
A-PIN
PROPERTY INSURANCE NOTIFICATION
A-PLN
AMEND PASSBOOK LINE NUMBER
A-PNC
AMEND PRE-NOTIFIED CHARGES
A-PPR
AMEND PPR ACCOUNT DATA
A-PRA
AMEND PRINCIPAL RESIDENTIAL ADDRESS
A-PSC
PRINTED CORRESPONDENCE SUPPRESSION STATU
A-PSS
AMEND PRINTED STATEMENT SUPPRESSION
A-RAD
REPLICATE ADDRESS DETAILS
A-RCD
AMEND REGULAR CONTRIBUTIONS DETAILS
A-RD
AMEND SET OFF REVIEW DATE
A-RDC
RE-ISSUE CARD
A-RMT
AMEND ACCOUNT TAX STATUS
A-RPC
REPLICATE CUSTOMER DETAILS
A-RSN
AMEND REASON FOR OVERDRAFT
A-RTD
REPLICATE TELEPHONE DETAILS
A-RTX
REPLICATE TAX DETAILS
A-SAR
AMEND SUSPENSION OF AUTOMATIC REPAYMENTS
A-SC
AMEND SERVICE CHARGES
A-SCB
AMEND CLEARED SUM OF DAILY BALANCES
A-SCN
AMEND SCF CUSTOMER NUMBER
A-SDB
AMEND SUM OF DAILY BALANCES
A-SDI
AMEND ACCUMULATED SUSPENDED DEBIT INT
A-SSG
PIN FOR REPLACEMENT CARD
A-SSP
CUSTOMER SELF SELECT PIN
A-STD
AMEND STD INDIVIDUAL CUSTOMER DETAILS
A-SWS
AMEND SWITCHING STATUS
A-TCI
AMEND TRANSACTION CHARGE VARIANCE IND
A-TCO
AMEND TRANSMISSION CHARGE OPTION
A-TCV
AMEND TRANSACTION CHARGE VARIANCE VALUE
A-TRI
AMEND TURNOVER RATE VARIANCE INDICATOR
A-TRV
AMEND TURNOVER RATE VARIANCE VALUE
A-TXA
AMEND ACCOUNT/CUSTOMER TAX DETAILS
A-TXD
AMEND TAX DETAILS
A-TXS
AMEND CUSTOMER/ACCOUNT TAX STATUS
A-TXS
AMEND CUSTOMER TAX RETURNS STATUS
A-TYP
AMEND CUSTOMER TYPE
A-UNC
PAPER CLEARING AUTHORISATION CONFIRMATIO
A-XAC
AMEND CROSS INTEREST AND CHARGES A/C NUM
A-YE
MORTGAGE YEAR END UPDATE
ACEFD
DELETE EARMARK (CMAS)
ACEFE
ENTER EARMARK (CMAS)
ACT
AUTOTELLER ACTIVATE
AE CW
ENQUIRY ON PRODUCT FROM SUBTYPE
AE PA
DEBIT INTEREST SUMMARY REQUEST
AE SP
COR EFTPOS STANDARD PURCHASE AUTH ONLY
AEPAR
ENQUIRY ON SUBTYPE FROM PRODUCT
AEPCB
ENQUIRY ON PRODUCT
AMD
AMEND TERM DEPOSIT SERIES
AMD
AMEND TERM DEPOSIT
AMD
SET UP/AMEND SPECIFIC PROVISION
AMD
AMEND LIABILITY VALUES
AMD
AMEND FROZEN BUSINESS CHARGE
AMD
TERM DEPOSIT INTERNAL AMENDMENT
AR-CAN
CANCEL AUTOMATED REQUEST
AR-ENQ
AUTOMATED REQUEST ENQUIRY
AR-IND
AUTOMATED REQUEST - REMOVE CHARGE
AR-IND
AUTOMATED REQUEST - DELETE ACCOUNT
AR-NEW
NEW AUTOMATED REQUEST
AV AR
VISA AUTHORISATION REQUEST
AVAEA
VISA AUTH COMPLETION CONFIRMATION
AVARA
VISA AUTHORISATION ADVICE
AVEFD
EARMARKS FUNDS DELETION (VISA)
AVEFE
EARMARKS FUNDS ENTER (VISA)
AVGAA
GENERATE AUTHORISATION CODE (VISA)
B-CBO
ORDER BRANCH CHEQUE OR CREDIT BOOK
B-CLA
BULK CLOSE NPAS (BRANCHES AND ADMIN)
B-CLB
BULK CLOSE NPAS (BRANCHES ONLY)
B-NDC
BULK TRANSFERS - NEW DEBIT CARD
B-NWA
BULK NEW NPAS (BRANCHES & ADMIN)
B-NWB
BULK NEW NPAS (BRANCHES ONLY)
BD-INA
BULK DELETE INDS (BRANCHES & ADMIN)
BD-INB
BULK DELETE INDICATORS (BRANCHES ONLY)
BGC
BANK GIRO CREDIT
BI-INA
BULK INSERT INDS (BRANCHES & ADMIN)
BI-INB
BULK INSERT INDICATORS (BRANCHES ONLY)
BNS
BONUS
BP
BILL PAYMENTS
BP-AMD
BILL PAYMENT AMEND (A/T)
BP-AMD
BILL PAYMENT AMEND (TELLER)
C-BAC
CLOSE ACCOUNT BY BACS CREDIT
C-BAC
CLOSE ACCOUNT BY BACS CREDIT HISTORY TXN
C-CHQ
CLOSE ACCOUNT BY CHEQUE
C-CHQ
CLOSE ACCOUNT BY CHEQUE HISTORY TXN
C-CSH
CLOSE ACCOUNT BY CASH
C-CSH
CLOSE ACCOUNT BY CASH HISTORY TXN
C-IAA
CLOSE BY TRANSFER TO INACTIVE ACCOUNTS
C-LN
FIXED INTEREST LOAN CLOSURE
C-LN
CLOSE FIL (EARLY SETTLEMENT)
C-LN
CLOSED FIL (DEATH OF BORROWER)
C-LN
CLOSE FIXED INTEREST LOAN (BAD DEBT)
C-MTG
MORTGAGE DELETION
C-STM
TAX RETURNS INTERNAL MOVEMENTS
C-TFR
CLOSE BY BRANCH TRANSFER
C-VIL
CLOSE VARIABLE INTEREST LOAN
C-VIL
CLOSE VARIABLE INTEREST LOAN HISTORY TXN
C-YEL
CLOSE YEAR END LEDGER
CAN
CANCEL TERM DEPOSIT
CAV AR
COR VISA AUTHORISATION
CHG
CHARGE
CHQ
CHEQUE(S)
CLO
TERM DEPOSIT CLOSURE
COM
COMMISSION
COR
CORRECTION
CP-RCC
COR DEBIT OF REPLACEMENT CARD CHARGES
CPT
CASHPOINT
CSH
CASH
CSQ
CASH/CHEQUE(S)
D-ATI
ACCOUNT TRANSFER IN CREDIT
D-ATO
ACCOUNT TRANSFER OUT CREDIT
D-BDG
DELETE BADGE ISSUE
D-BE
DELETE BADGE ISSUE
D-BLK
SYSTEM ESSENTIAL BULK CREDIT
D-BP
BILL PAYMENT CREDIT
D-BTI
BULK TRANSFER IN CREDIT
D-BTO
BULK TRANSFER OUT CREDIT
D-CAP
GROSS CREDIT INT TRANSFER CREDIT
D-CAP
NET CREDIT INT TRANSFER CREDIT
D-CAP
CREDIT OF CAPITALISED INTEREST - GROSS
D-CAP
CREDIT OF CAPITALISED INTEREST - NET
D-CAP
CREDIT OF CAPITALISED INTEREST
D-CC
DEPOSIT OF CREDIT CLEARING
D-CC
BANK GIRO CREDIT
D-CC
INTERBANK AUTOMATED SETTLEMENT
D-CC
RETURNED UNAPPLIED AUTO CREDIT
D-CC
BANK GIRO CREDIT (MORTGAGES)
D-CC
EXCHANGE CONTROL CREDIT TYPE 2
D-CC
EXCHANGE CONTROL CREDIT TYPE 1
D-CC
DIVIDEND/INT CREDIT WITHOUT TAX VOUCHER
D-CC
BUILDING SOCIETY INTEREST CREDIT
D-CF
DELETE CREAMING/FUNDING TRAILER
D-CHQ
DEPOSIT OF GENERAL CHEQUE
D-CHQ
PARTIAL CHEQUE ENCASHMENT
D-CHQ
FULL/PARTIAL CHEQUE ENCASHMENT
D-CHQ
FULL CHEQUE ENCASHMENT
D-CHQ
IMMEDIATE CHEQUE DEPOSIT
D-CIT
DEPOSIT OF CLEARINGS ITEMS
D-CLR
DEPOSIT OF PAPER CLEARING
D-CPY
DEPOSIT OF CREDIT PAYMENT
D-CPY
CREDIT OF CLOSED ACCOUNT CREDIT PAY-NET
D-CPY
CREDIT OF CLOSED A/C CREDIT PYMNT-GROSS
D-CPY
CREDIT PAYMENT - NET
D-CPY
CREDIT PAYMENT - GROSS
D-CRM
INTER-CENTRE CREAMING CREDIT RECIPIENT
D-CRM
CREAMING CREDIT (RECIPIENT)
D-CSH
DEPOSIT OF CASH
D-CSH
AT CASH TRANSFER IN
D-CSH
IMMEDIATE CASH DEPOSIT
D-CSH
SYSTEM CREDIT TO AN NPA
D-CSQ
DEPOSIT OF CASH/CHQ
D-CSR
DELETE APPLICATION RECORD
D-CUR
FOREIGN EXCHANGE PURCHASE
D-CUR
FOREIGN EXCHANGE PURCHASE (CASH)
D-CUS
CUSTOMER DELETION
D-DAA
BULK CREDIT FROM DAA
D-DRO
BRANCH CREDIT OUT CONTRA
D-DS
DIRECT SETTLEMENT VIA COUNTER
D-DTS
DEPOSIT OF DTS BY CASH
D-DTS
DEPOSIT OF DTS BY CHEQUE
D-DTS
DEPOSIT OF DTS WITH INTEREST BENEFIT
D-DTS
INTER-CENTRE DTS CREDIT
D-DTS
DTS CREDIT
D-DTS
DTS PAY THE SCHEME SEQ PASS
D-DTS
DTS CREDIT
D-DTS
EQUALISATION CREDIT (DTS)
D-DTS
EQUALISATION DEBIT (DTS)
D-FE
DEPOSIT OF FOREIGN EXCHANGE
D-FIG
CREDIT OF FAMILY BONUS INTEREST GROSS
D-FIL
DEPOSIT OF CASH TO FIL
D-FIN
CREDIT OF FAMILY BONUS INTEREST NET
D-FIT
DEPOSIT OF FINANCIAL ITEMS
D-FMR
FULL MORTGAGE REDEMPTION
D-FND
FUNDING CREDIT (RECIPIENT)
D-FP
FASTER PAYMENTS RETURN
D-FP
FASTER PAYMENTS CREDIT (CBS BENEFICIARY)
D-FST
FIXED SERVICE CHARGE TRANSFER CREDIT
D-GIR
DEPOSIT OF GIRO CREDIT
D-HSE
DEPOSIT OF HOUSE CHEQUE
D-IAA
DEPOSIT TO INACTIVE ACCOUNTS ACCOUNT
D-IAA
BULK CREDIT FROM IAA
D-ICC
INTER-BANK DEPOSIT OF CASH & CHQ
D-ICH
INTER-BANK DEPOSIT OF CASH
D-ICQ
INTER-BANK DEPOSIT OF CHEQUE
D-INS
PROPERTY INSURANCE - BORROWER
D-INS
PROPERTY INSURANCE CREDIT
D-INT
CREDIT OF CLOSED A/C INTEREST - GROSS
D-INT
CREDIT OF CLOSED A/C INTEREST - NET
D-INT
CREDIT OF CLOSED ACCOUNT INTEREST
D-INT
INTEREST DETAILS DELETION
D-LN
FIXED INTEREST LOAN CREDIT
D-LN
PERSONAL LOAN INITIAL CREDIT
D-LN
HOME IMPROVEMENT LOAN INITIAL CREDIT
D-LN
NCB MORTGAGE INITIAL CREDIT
D-LN
BUSINESS LOAN INITIAL CREDIT
D-LNK
LINK DELETION
D-LST
NBE AMALGAMATION CREDIT
D-MIP
MIP SYSTEM CREDIT TO NPA
D-MKI
DELETE MARKETING INDICATOR
D-NOW
DELETE NOTICE OF WITHDRAWAL TRAILER
D-NS
DEPOSIT OF POST OFFICE DIVIDENDS
D-NS
NATIONAL SAVINGS DIVIDEND - INTERNAL
D-NS
NATIONAL SAVINGS DIVIDEND - EXTERNAL
D-OID
DELETE OFFICER IDENTITY
D-OID
BRANCH-TO-BRANCH BROADCAST
D-OTH
DEPOSIT OF MISCELLANEOUS ITEMS
D-PEN
DEPOSIT OF PENSIONS BY CASH
D-PEN
DEPOSIT OF PENSIONS BY CHEQUE
D-PMR
PARTIAL MORTGAGE REDEMPTION
D-POL
CREDIT OF POOLED INTEREST - GROSS
D-POL
CREDIT OF POOLED INTEREST - NET
D-PRA
DELETE PRINCIPAL RESIDENTIAL ADDRESS
D-REP
MORTGAGE REPAYMENT
D-REP
MORTGAGE REPAYMENT CREDIT
D-SAL
DEPOSIT OF SALARIES BY CASH
D-SAL
DEPOSIT OF SALARIES BY CHEQUE
D-SAL
SALARY CREDIT
D-SAL
SALARY CREDIT
D-SAL
EQUALISATION CREDIT (SALARY)
D-SAL
EQUALISATION DEBIT (SALARY)
D-SC
SEPA DD CREDIT
D-SDR
RETURN OF SEPA DD DEBIT
D-SDY
DEPOSIT OF SUNDRY ITEMS
D-SET
SETTLEMENT CREDIT
D-SO
DEPOSIT OF STANDING ORDERS
D-SO
STANDING ORDER CREDIT
D-SPB
AT DEPOSIT
D-STK
DEPOSIT BY SALE OF STOCKS/SHARES
D-SWP
SWEEPING CREDIT
D-TAX
CREDIT TAX REFUND
D-TBI
CREDIT OF TERM SAVINGS BONUS INTEREST
D-TC
COR CREDIT TRUSTCARD NPA
D-TC
CREDIT TRUSTCARD NPA
D-TD
CREDIT OF TERM DEPOSIT CAPITAL
D-TDI
CREDIT OF TERM DEPOSIT INTEREST (GROSS)
D-TDI
CREDIT OF TERM DEPOSIT INTEREST (NET)
D-TFR
INTER ACCOUNT TRANSFER CR TELEFINANCE
D-TFR
INTER ACCOUNT TRANSFER CREDIT
D-TFR
INTER ACCOUNT TRANSFER CREDIT (A/T)
D-TFR
LOAN CHARGES TRANSFER CREDIT
D-TFR
OVERDRAFT INTEREST TRANSFER CREDIT
D-TFR
CHARGES TRANSFER CREDIT
D-TFR
TRANSFER CREDIT PAYMENT - NET CREDIT
D-TFR
TRANSFER CREDIT PAYMENT - GROSS CREDIT
D-TFR
TRANSFER OF PLANNED O/F FEES - CREDIT
D-TFR
TRANSFER OF USAGE FEES CREDIT
D-TIB
TRANSFER IN CREDIT - BUSINESS A/C
D-TOP
TRANSFER OUT CREDIT - PERSONAL A/C
D-TSB
TRANSFER OF AN AMOUNT FROM ANOTHER TSB
D-UAC
DEPOSIT OF UNAPPLIED CREDIT
D-UCQ
CLAIM FOR UNPAID CHEQUE
D-UDD
CLAIM FOR UNPAID DIRECT DEBIT
D-ZER
CREDIT TO ZEROISE BALANCES
DD
DIRECT DEBIT
DE PA
COR EFTPOS PURCHASE ADJUSTMENT CR ADVICE
DE PA
EFTPOS REFUND ADJUSTMENT CREDIT ADVICE
DEB
DEBIT CARD
DEL
DELETE AUTOMATED CREDIT DECISIONS
DEL
DELETE TERM DEPOSIT SERIES
DEL
TERM DEPOSIT SERIES CLOSURE
DEL
FIL APPLICATION DELETION
DEP
DEPOSIT
DERFD
EFTPOS REFUND ADVICE
DIV
DIVIDEND
DR
OVERDRAWN BALANCE
DT-ACB
AMEND CONTROLLING BRANCH
DT-CCR
CANCEL CREDITS
DT-CS
CANCEL SCHEME
DT-DAC
DECREASE ACCUMULATION
DT-DTP
DECREASE THIS PERIOD
DT-IAC
INCREASE ACCUMULATION
DT-ITP
INCREASE THIS PERIOD
DT-NSH
NEW SCHEME HEADER
DT-NSV
NEW SAVER
DT-NTP
NEW THIS PERIOD
DT-PAS
PERMANENT AMENDMENT TO SCHEME HEADER
DT-PAY
PAY THE SCHEME
DT-PD
PERMANENT DECREASE
DT-PI
PERMANENT INCREASE
DT-PSC
PRIMARY SCHEME CANCELLATION
DT-SCE
SCHEME ENQUIRY
DT-SHE
SCHEME HEADER ENQUIRY
DT-SL
SCHEME LEAVER
DT-SLI
SET LIST INDICATOR
DT-SVE
SAVER ENQUIRY
DT-TAS
TEMPORARY AMENDMENT TO SCHEME HEADER
DT-TD
TEMPORARY DECREASE
DT-TI
TEMPORARY INCREASE
DVRFD
VISA CREDIT VOUCHER
E-ADV
ADVANCES ENQUIRY
E-BRP
ENQUIRY FOR BRANCH OLIF REPORTS
E-CYS
COPY STATEMENT ENQUIRY
E-FCI
FIL CUSTOMER INFORMATION ENQUIRY
E-FHD
FIL REPAYMENT HISTORY DETAILS ENQUIRY
E-FIL
FIL FULL ENQUIRY
E-FLB
FIL BASIC ENQUIRY
E-FLL
FULL ENQUIRY
E-FP
FASTER PAYMENTS CHARGE ENQUIRY
E-IND
INDICATOR ENQUIRY
E-IRP
ENQUIRY ON INSPECTION OLIF REPORTS
E-LTC
LOAN TAX CERTIFICATE DETAILS ENQUIRY
E-NSL
NBE/STATEMENT LINES ENQUIRY
EE EQ
ENQUIRE ON NOTICE OF WITHDRAWALS
EF-ENQ
ENQUIRE EARMARK (CMAS)
EFT
ELECTRONIC FUNDS TRANSFER
EUR
EURO CHEQUE
FE
FOREIGN EXCHANGE
FEE
SERVICE FEE
FPI
FASTER PAYMENTS INBOUND
FPO
FASTER PAYMENTS OUTBOUND
G-CBO
GENERATED CHEQUE/CREDIT BOOK ORDER
I-ACO
INSERT CHQ & CREDIT BOOK PERSONALTN DETS
I-AT
INSERT ACCOUNT TITLE
I-BCD
INSERT BUSINESS CUSTOMER DETAILS
I-BDG
INSERT ADDITIONAL BADGE ISSUE
I-CF
INSERT CREAMING/FUNDING TRAILER
I-CSA
CREDIT SCORING APPLICATION AMEND
I-CSR
INPUT CREDIT REFERENCE
I-CUD
INSERT CUSTOMER DECISION TRAILER
I-DDM
INSERT DIRECT DEBIT MANDATE
I-FO
INSERT FORMAL OVERDRAFT
I-FOA
INSERT FUTURE OVERDRAFT ARRANGEMENT FEE
I-GCR
ADD ACCOUNTS TO GROUP CREAMING
I-IND
INSERT INDICATOR
I-IND
INSERT CUSTOMER INDICATOR
I-LCB
INSERT LOST CHEQUE BOOK TRAILER
I-MKI
INSERT MARKETING INDICATOR
I-MPA
NEW PROPERTY ADDRESS
I-NCC
CREDIT CARD APPLICATION
I-NDC
NEW CARD
I-NOW
INSERT NOTICE OF WITHDRAWAL TRAILER
I-OID
INSERT OFFICER IDENTITY
I-OID
INSERT OFFICER ID - BADGE DETS (HISTORY)
I-PCS
PRIMARY CREDIT SCORING APPLICATION
I-PRA
INSERT PRINCIPAL RESIDENTIAL ADDRESS
I-RSF
INSERT REGULAR SERVICE FEE TRAILER
I-SA
INSERT SET OFF ACCOUNT DETAILS
I-SCQ
INSERT STOPPED CHEQUE TRAILER
I-SCS
SECONDARY CREDIT SCORING APPLICATION
I-SDD
INSERT STOP DIRECT DEBIT TRAILER
I-UNC
INSERT UNCLEARED CHEQUE TRAILER
I-XRF
INSERT CROSS REFERENCE
IB
INTERNET BANKING
INT
INTREST
L-CUS
LINK CUSTOMER TO ACCOUNT
LN-AMD
AMEND FIXED INTEREST LOAN
LN-CAN
FIXED INTEREST LOAN CANCEL
LTB
BANK TRANSFER
M-CBO
MANUAL CHEQUE/CREDIT BOOK ORDER
M-TFO
MORTGAGE TRANSFER
MPI
MOBILE PAYMENT IN
MPO
MOBILE PAYMENT OUT
MTG
MORTGAGE PAYMENT
N-DFC
PRE-NOTIFICATION OF DEFERRED CHARGES
N-FSC
PRE-NOTIFICATION OF FIXED SERVICE CHARGE
N-MGC
PRE-NOTIFICATION OF MANAGEMENT CHARGE
N-OIC
PRE-NOTIFICATION OF OVERDRAFT INT CHGS
N-PNC
PRE-NOTIFICATION OF CHARGES
NEW
NEW ACCOUNT BY DEPOSIT OF CASH
NEW
NEW ACCOUNT BY DEPOSIT OF CHEQUE
NEW
NEW ACCOUNT
NEW
NEW PENDING BRANCH TRANSFER-IN
NEW
NEW CUSTOMER
NEW
NEW WITH CASH/CHQ
NEW
NEW MORTGAGE ACCOUNT
NEW
NEW FIXED INTEREST LOAN
NEW
NEW VARIABLE INTEREST LOAN
NEW
NEW TERM DEPOSIT SERIES
NEW
NEW TERM DEPOSIT (CSH)
NEW
NEW TERM DEPOSIT (CHQ)
NEW
NEW SPECIAL TERM DEPOSIT - CASH
NEW
NEW SPECIAL TERM DEPOSIT - CHEQUE
NEW
COR NEW TERM DEPOSIT
NEW
COR NEW FIXED INTEREST LOAN
NEW
BULK TFRS REQUEST NEW SPEEDBANK CARD
NS
NATIONAL SAVINGS DIVIDEND
NSC
NATIONAL SAVINGS CERTIFICATE
O-CUS
REORDER CUSTOMERS FOR ACCOUNT
OTH
OTHER
P-ACQ
WITHDRAWAL OF CAD GENERAL CLEARING
P-ACQ
CHEQUE DEBIT
P-ADV
MORTGAGE ADVANCE
P-AOF
DEBIT OF PLANNED OVERDRAFT FEES
P-AOF
DEBIT OF CLOSED ACCOUNT PLANNED O/F FEES
P-AOF
DEBIT OF USAGE FEES
P-AOF
DEBIT OF CLOSED ACCOUNT USAGE FEES
P-ATD
COR DEBIT/ACCRUE ANCILLARY CHARGE
P-ATF
COR ATM WITHDRAWAL FEE
P-ATF
ATM WITHDRAWAL FEE
P-ATI
ACCOUNT TRANSFER IN DEBIT
P-ATO
WITHDRAWAL BY AUTOTELLER (ON LINE)
P-ATO
ACCOUNT TRANSFER OUT DEBIT
P-BAC
BACS PAYMENT-TELEFINANCE
P-BIL
BILL PAYMENT DEBIT
P-BKC
PAY CASH WITH CARD
P-BLK
SYSTEM ESSENTIAL BULK DEBIT
P-BP
BANKERS PAYMENT
P-BTI
BULK TRANSFER IN DEBIT
P-BTO
BULK TRANSFER OUT DEBIT
P-CAP
GROSS CREDIT INT TRANSFER DEBIT
P-CAP
NET CREDIT INT TRANSFER DEBIT
P-CGS
DEBIT OF CLOSED ACCOUNT DEFERRED CHARGES
P-CGS
DEBIT OF DEFERRED CHARGES
P-CHG
WITHDRAWAL OF ACCOUNT CHARGES
P-CHG
RETURNED CHEQUE CHARGE
P-CHG
RETURNED DIRECT DEBIT CHARGE
P-CHG
RECALLED STANDING ORDER CHARGE
P-CHG
FIL DEBIT OF INITIAL CHARGES
P-CHG
COR RECALLED STANDING ORDER CHARGE
P-CHG
COR RETURNED CHEQUE CHARGE
P-CHG
COR RETURNED DIRECT DEBIT CHARGE
P-CHP
CHAPS OUTWARD PAYMENT-TELEFINANCE
P-CHQ
WITHDRAWAL OF CHEQUE
P-CIT
WITHDRAWAL OF CLEARINGS ITEMS
P-CLR
WITHDRAWAL OF PAPER CLEARING
P-CRM
CREAMING DEBIT (ORIGINATOR)
P-CRO
BRANCH DEBIT OUT CONTRA
P-CSH
WITHDRAWAL OF CASH
P-CSH
AT CASH TRANSFER OUT
P-CSH
SYSTEM DEBIT TO AN NPA
P-CUR
FOREIGN EXCHANGE SALE
P-CUR
FOREIGN EXCHANGE SALE (CASH)
P-DAC
DEBIT OF ANCILLARY CHARGES
P-DAC
DEBIT ANCILLARY CHARGES (ONLINE)
P-DCA
DEBIT OF CLOSED A/C ANCILLARY CHARGES
P-DD
WITHDRAWAL OF DIRECT DEBITS
P-DD
DIRECT DEBIT
P-DD
FINAL DIRECT DEBIT
P-DD
REPRESENTATION OF DIRECT DEBIT
P-DD
INITIAL DIRECT DEBIT
P-DD
PAY DIRECT DEBIT
P-DS
DIRECT SETTLEMENT VIA LTSB ACCOUNT
P-DTS
DTS DEBIT
P-EUR
UNIFORM EUROCHEQUE DEBIT
P-FE
WITHDRAWAL FOR FOREIGN EXCHANGE
P-FEE
REGULAR SERVICE FEE DEBIT
P-FIT
WITHDRAWAL OF FINANCIAL ITEMS
P-FND
INTER-CENTRE FUNDING DEBIT ORIGINATOR
P-FND
FUNDING DEBIT (ORIGINATOR)
P-FP
FASTER PAYMENTS DEBIT
P-FPC
DEBIT OF FASTER PAYMENT CHARGE
P-FSC
DEBIT OF FIXED SERVICE CHARGE
P-FSC
DEBIT OF CLOSED A/C FIXED SERVICE CHARGE
P-FST
FIXED SERVICE CHARGE TRANSFER DEBIT
P-GIR
WITHDRAWAL FOR GIRO
P-HPA
MORTGAGE HPA ADVANCE
P-ICH
INTER-BANK WITHDRAWAL OF CASH
P-ICQ
INTER-BANK WITHDRAWAL OF CHEQUE
P-INS
PROPERTY INSURANCE - BANK
P-LIC
DEBIT OF CLOSED ACCOUNT LOAN INTEREST
P-LIC
DEBIT OF LOAN INTEREST CHARGES
P-LN
BUSINESS LOAN REPAYMENT
P-LN
PERSONAL LOAN REPAYMENT
P-LN
HOME IMPROVEMENT LOAN REPAYMENT
P-LN
NCB MORTGAGE REPAYMENT
P-LN
FIXED INTEREST LOAN - INITIAL PAYMENT
P-LST
NBE AMALGAMATION DEBIT
P-MIP
MIP SYSTEM DEBIT TO NPA
P-MPI
PROPERTY INSURANCE DEBIT
P-MTG
MORTGAGE REPAYMENT DEBIT
P-NSC
WITHDRAWAL FOR NATIONAL SAVINGS CERTS
P-OIC
DEBIT OF CLOSED A/C OVERDRAFT INT CHGS
P-OIC
DEBIT OF OVERDRAFT INTEREST CHARGES
P-OTH
WITHDRAWAL OF MISCELLANEOUS ITEMS
P-OUF
DEBIT OF MANAGEMENT CHARGE
P-OUF
DEBIT OF CLOSED ACC MANAGEMENT CHARGE
P-PEN
EARLY SETTLEMENT CHARGE
P-PI
PROPERTY INSURANCE BANK (SYSTEM)
P-PIT
DEBIT OF POOLED INTEREST
P-PSB
WITHDRAWAL FOR PREMIUM SAVINGS BONDS
P-QCL
WITHDRAWAL OF TELLER CHEQUES
P-RAC
RETURNED AUTOMATED CREDIT
P-RCC
DEBIT OF REPLACEMENT CARD CHARGES
P-SAL
SALARY DEBIT
P-SCR
RETURN OF SEPA DD CREDIT
P-SD
MORTGAGE SUNDRY DEBIT
P-SD
SEPA DD DEBIT
P-SDY
WITHDRAWAL OF SUNDRY ITEMS
P-SET
SETTLEMENT DEBIT
P-SO
WITHDRAWAL OF STANDING ORDER
P-SO
STANDING ORDER DEBIT
P-SPB
FORCED CLYDESDALE POSTING
P-SPB
CLYDESDALE WITHDRAWAL
P-SPB
BILL PAYMENT BY SPEEDBANK AUTHORISATION
P-STK
WITHDRAWAL FOR STOCKS/SHARES PURCHASE
P-SWP
SWEEPING DEBIT
P-TAX
DEBIT OF TAX
P-TD
PAYMENT OF TD CAPITAL
P-TFR
INTER ACCOUNT TRANSFER DEBIT
P-TFR
INTER ACCOUNT TRANSFER DEBIT (AT)
P-TFR
INTER ACCOUNT FUNDS TRANSFER-TELEFINANCE
P-TFR
CHARGES TRANSFER DEBIT
P-TFR
BULK DEBIT FROM DAA
P-TFR
LOAN CHARGES TRANSFER DEBIT
P-TFR
OVERDRAFT INTEREST TRANSFER DEBIT
P-TFR
BULK DEBIT FROM IAA
P-TFR
TRANSFER CREDIT PAYMENT - NET DEBIT
P-TFR
TRANSFER CREDIT PAYMENT - GROSS DEBIT
P-TFR
TRANSFER OF PLANNED OVERDRAFT FEES - DEB
P-TFR
TRANSFER OF USAGE FEES DEBIT
P-TOP
TRANSFER OUT DEBIT - PERSONAL A/C
P-TSB
TRANSFER OF AN AMOUNT TO ANOTHER TSB
P-UDD
CLAIM FOR UNPAID INIT DIRECT DEBIT - IN
P-UDD
CLAIM FOR UNPAID DIRECT DEBIT
P-UDD
CLAIM FOR UNPAID REP - DIRECT DEBIT - IN
P-UDD
CLAIM FOR UNPAID FINAL DIRECT DEBIT - IN
P-UFC
DEBIT OF UNPAID FIL CHARGE
P-UFC
DEBIT OF UNPAID STANDING ORDER CHARGE
P-UT
WITHDRAWAL FOR UNIT TRUST
P-VSA
VISA CASH AUTHORISATION/PAYMENT
P-VSC
VISA CASH PAYMENT
P-WCG
WITHDRAWAL CHARGE
P-WCG
CLOSED ACCOUNT WITHDRAWAL CHARGE
P-ZER
DEBIT TO ZEROISE BALANCES
PAY
COUNTER WITHDRAWAL
PE CW
EFTPOS CASH WITHDRAWAL
PE PA
EFTPOS PURCHASE ADJUSTMENT DEBIT ADVICE
PE RA
EFTPOS REFUND ADJUSTMENT DEBIT ADVICE
PE SP
EFTPOS STANDARD PURCHASE ADVICE
PECCW
AMEND DEBIT INTEREST SUMMARY
PECPA
EFTPOS PURCHASE ADJUST AUTH & CAPTURE
PECPC
EFTPOS PURCHASE/CASH BACK AUTH CAPTURE
PECRA
EFTPOS REFUND ADJUSTMENT AUTH & CAPTURE
PECSP
ENQUIRE ON DEBIT INTEREST SUMMARY
PEPAC
EFTPOS PRE-AUTHORISATION COMPLETION
PEPCB
EFTPOS PURCHASE WITH CASH BACK ADVICE
PSB
PREMIUM SAVINGS BOND
PSV
PAYSAVE
PT-FIN
INTER CENTRE POLL
PT-HDR
ENQUIRY FOR VOICE REFERRAL
PT-RST
CHARGES ENQUIRY
PT-STA
ENQUIRY FOR CARD ORDER
PT-TLR
INTER CENTRE RECOVERY TRANSACTION
PV CW
VISA CASH DISBURSEMENT
PV SP
VISA SALES DRAFT
R-AT
DELETE ACCOUNT TITLE
R-BCD
DELETE BUSINESS CUSTOMER DETAILS
R-CCC
TRANSFER OF PRODUCT WITHOUT EARLY CLOSUR
R-CCI
TRANSFER OF PRODUCT WITH EARLY CLOSURE C
R-CUS
REMOVE CUSTOMER FROM ACCOUNT
R-DCO
ENQUIRE ON CUSTOMER BONUS DETAILS
R-FO
DELETE FORMAL OVERDRAFT
R-GCR
REMOVE ACCOUNTS FROM GROUP CREAMING
R-IND
DELETE INDICATOR
R-IND
DELETE CUSTOMER INDICATOR
R-LCB
DELETE LOST CHEQUE BOOK TRAILER
R-MFC
DELETE MORTGAGE FURTHER CHARGE
R-MPA
DELETE PROPERTY ADDRESS
R-RSF
DELETE REGULAR SERVICE FEE TRAILER
R-SA
DELETE SET OFF ACCOUNT DETAILS
R-SCQ
DELETE STOPPED CHEQUE TRAILER
R-SDD
DELETE STOP DIRECT DEBIT TRAILER
R-SDD
DELETE STOP DIRECT DEBIT TRAILER
R-SO
RECALL STANDING ORDER
R-SPB
REVERSAL OF AUTOTELLER WITHDRAWAL
R-SSP
REVERSAL OF CUSTOMER SELF SELECT PIN
R-TAX
TAX REFUND
R-UNC
DELETE UNCLEARED CHEQUE TRAILER
R-WPN
REVERSAL OF WITHDRAWAL PENALTY
R-XRF
DELETE CROSS REFERENCE
RE-INV
TERM DEPOSIT RE-INVESTMENT
RQ-BIR
BRANCH INSPECTION REPORTS REQUEST
RQ-BSL
REQUEST FOR BUSINESS STEM LIST
RQ-CLU
TEST TERMINAL
RQ-CRP
CONFIDENTIAL REPORTS REQUEST
RQ-CS
COUNTER STATEMENT REQUEST
RQ-DAG
DD AMEND/CANCEL ADVICE (GENERATED)
RQ-DAR
DIRECT DEBIT AMEND/CANCEL ADVICE REQUEST
RQ-FIC
FIL INTEREST CERTIFICATE REQUEST
RQ-FSQ
FIL EARLY SETTLEMENT QUOTATION
RQ-FSR
FIL STATEMENT REQUEST
RQ-NBR
REQUEST FOR NPA BALANCES REPORT
RQ-PU
PASSBOOK UPDATE
RQ-RBS
REQUEST FOR BALANCE SHEET PART 2 REPORT
RQ-SL
REQUEST FOR STEM LIST
RQ-SS
REQUEST FOR SINGLE STEM
RQ-UI
UNIQUE ID INFORMATION REQUEST
S-DI
SUSPEND DEBIT INTEREST
SAL
SALARY
SCR
REFUND DEBIT
SDC
COLLECTION CREDIT
SDD
COLLECTION DEBIT
SDR
REVERSAL CREDIT
SO
STANDING ORDER
SO-AMD
STANDING ORDER AMENDMENT
SO-BAM
STANDING ORDER BENEFICIARY AMENDMENT
SO-CAN
STANDING ORDER CANCELLATION
SO-DEL
STANDING ORDER DELETION
SO-ENQ
STANDING ORDER ENQUIRY
SO-LEV
STANDING ORDER LEVEL CHANGE
SO-NEW
NEW STANDING ORDER
SO-REL
RELEASE STANDING ORDER SUSPENSION
SO-SUM
STANDING ORDER SUMMARY
SO-SUS
STANDING ORDER SUSPENSION
SO-TFI
STANDING ORDER TRANSFER IN
SO-TFR
STANDING ORDER TRANSFER
SPB
CASHPOINT
SUR
EXCESS MANAGEMENT REVERSAL
T-ATD
AMEND TRANSACTION DATE
T-CBL
CASHBOX BALANCE
T-CHQ
CHQ TRANSFER
T-CO
CASHBOX OPEN
T-CSI
CUSTOMER TRANSFER IN
T-CTC
CASHBOX TEMPORARY CLOSE
T-CTD
CANCEL AMEND TRANSACTION DATE
T-DRM
TRANSFER TO DORMANT
T-ENQ
CASHBOX TOTALS ENQUIRY
T-FIL
FIL TRANSFER
T-FOT
FINISH OFF LINE TRANSACTION TRANSMISSION
T-INV
INV TRANSFER
T-RPR
REPAIRED TERMINAL
T-SAV
SAV TRANSFER
T-SOF
SIGN OFF
T-SON
SIGN ON
T-SOT
START OFF LINE TRANSACTION TRANSMISSION
T-TDA
TDA TRANSFER
T-VIL
VIL TRANSFER
TC
TRUSTCARD PAYMENT
TD
TRANSFERRED
TD-CNV
TERM DEPOSIT CONVERSION
TDG
TRANSFERRED INTEREST GROSS
TDI
TRANSFERRED INTEREST
TDN
TRANSFERRED INTEREST NET
TER
HISTORY - DELETE ACCOUNT INDICATOR
TER
HISTORY - REMOVE CHARGE EXEMPTION
TER
FIL TERMINATION - HISTORY
TER
STANDING ORDER TERMINATION - HISTORY
TER
AUTOMATED REQUEST - ISSUE STATEMENT
TER
AUTOMATED REQUEST - INTERNAL MOVEMENT
TER
AUTOMATED REQUEST - ISSUE DIARY NOTE
TFI
FIL TRANSFER IN - HISTORY
TFI
AUTOMATED REQUEST - TRANSFER IN
TFR
FUNDS TRANSFER
TFR
FIL TRANSFER - HISTORY
TFR
AUTOMATED REQUEST - TRANSFER
TOTCAP
TERM SAVINGS TOTAL CAPITAL
TOTINT
TERM SAVINGS TOTAL INTEREST
UT
UNIT TRUST
V-BDG
VALIDATE BADGE
 

ERROR SCENARIOS

Scenario ASPSP Response v4.0 ASPSP Response v3.1.x Expected TPP Action

Scenarios applicable to all AIS endpoints

TPP Create a consent in Newer version and use it on previous version

(If the consent is created in 4.0 and TPP calls 3.1.x resource)

Http Status: 403

NA

Consent created in Newer version and accessed on Older version

TPP attempts to access a resource for which the access has been revoked at the ASPSP.

(Sub-scenario: Access token not revoked; consent has been changed to Rejected/Expired by ASPSP.)

Http Status: 403

Http Status: 401

Code: 401 Unauthorized

Message: Unauthorised

ErrorCode:
UK.OBIE.Resource.InvalidConsentStatus

Message:
PSU revoked access.Reauthentication is required.

Error Type: AuthoriseConsent

Create a new consent using a POST operation.

Take the PSU through an authentication journey

TPP attempts to access a resource using an access token that has expired.

(Sub-scenario: The underlying consent has expired.)

Http Status: 403

Errors:
ErrorCode: U028

Message:
UK.OBIE.Reauthenticate - Reauthentication required to process the request.

Http Status: 403

Code: 403 Forbidden

Message: Reauthenticate

Errors:
ErrorCode: UK.OBIE.Reauthenticate

Message:
Reauthentication required to process the request

Create a new consent using a POST operation.

Take the PSU through an authentication journey

TPP attempts to access a resource using an access token outside of the SCA period. The underlying consent has not expired

Typically this applies to AIS resources that do not benefit from RTS Article 10.

Http Status: 403

Errors:
ErrorCode: U028

Message:
UK.OBIE.Reauthenticate -Reauthentication is required by PSU

Http Status: 403

Code: 403 Forbidden

Message: Forbidden

ErrorCode: UK.OBIE.Reauthenticate

Message: Reauthentication required to process the request

Take the user through a re-authentication journey using the existing consent.

TPP attempts to access a resource related to an account that is closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Http Status: 400

Errors:
ErrorCode: U011

Message: UK.OBIE.Resource.NotFound -Forbidden - Account closed or suspended

Error message returned in redirect URL:

One or more accounts are closed or suspended. Please re-consent for eligible accounts

Error Type: AuthoriseConsent

Do not attempt to request information for this account again.

Take the user through a re-consent journey to remove this account from the consent.

TPP attempts to re-auth a consent where one or more account has got closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Error message returned in redirect URL:

One or more accounts are closed or suspended. Please re-consent for eligible accounts

Error Type: AuthoriseConsent

Http Status: 403

Code: 403 Forbidden

Message: Forbidden

Errors:
ErrorCode: UK.OBIE.Resource.NotFound

Message: Forbidden - Account closed or suspended

Do not attempt to re-auth this consent again.

Take the user through a re-consent journey to remove the closed account(s) from the consent.

TPP attempts to access an endpoint for which permission had not been provided when the consent was created.

Http Status: 403

Errors:
ErrorCode: U008

Message:
Message: UK.OBIE.Resource.ConsentMismatch- Permission not provided

HTTP Status - 403

Code: 403 Forbidden

Message: Forbidden

Errors:
ErrorCode: UK.OBIE.Resource.ConsentMismatch

Message: Permission not provided

Error Type: AuthoriseConsent

Do not attempt to request information for this endpoint again.

Take the user through a re-consent journey to add the permission if required.

TPP attempts to access an endpoint with an incorrect AccountID.

Http Status: 400

Errors:
ErrorCode: U002

Message:
UK.OBIE.Field.Invalid - AccountId not valid

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Errors:
ErrorCode: UK.OBIE.Field.Invalid

Message: AccountId not valid

Error Type: AuthoriseConsent

Do not attempt to request information for this accountID again.

Try again with a valid AccountID.

Endpoint specific scenarios

/account-access-consents

TPP attempts to pass invalid or no permissions in request body.

Http Status: 400

Errors:
ErrorCode: U002

Message: Permissions is not in a valid format

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Errors:
ErrorCode: UK.OBIE.Field.Invalid

Message: Permissions is not in a valid format

Refer to OBIE specs.

Take the PSU through the consent journey with valid permissions.

/account-access-consents

TPP sends the request with one of the following date related issues:

  • past date in ExpirationDateTime field
  • TransactionFromDateTime greater than the TransactionToDateTime
  • Invalid date formats for ExpirationDateTime, TransactionFromDateTime and/or TransactionToDateTime

Http Status: 400

Errors:
ErrorCode: U003

Message: UK.OBIE.Field.InvalidDate- fromBookingDateTime is not in a valid format

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Errors:
ErrorCode: UK.OBIE.Field.InvalidDate

Message: fromBookingDateTime is not in a valid format

Take the PSU through the consent journey with a valid dates.

/transactions

TPP requests for transactions with one of the following date related issues:

  • FromBookingDateTime greater than ToBookingDateTime
  • Invalid date formats
  • Invalid date range (for example future dates)

Http Status: 400

Errors:
ErrorCode: U003

Message:
UK.OBIE.Field.InvalidDate - fromBookingDateTime and toBookingDateTime date range is not valid. Please refer to the OBIE specs and Implementation Guide

Http Status: 400

Code: 400 InvalidDateRange

Message: Invalid request parameters

Errors:
ErrorCode: UK.OBIE.Field.InvalidDate

Message: fromBookingDateTime and toBookingDateTime date range is not valid. Please refer to the OBIE specs and Implementation Guide

Send the request with valid dates.

/transactions

TPP requests for transactions outside the consented date range.

Http Status: 400

Errors:
ErrorCode: U003

Message: UK.OBIE.Field.InvalidDate-Transaction sharing consent not given for specified date range

Http Status: 403

Code: 403 Forbidden

Message: Forbidden

ErrorCode: UK.OBIE.Field.InvalidDate

Message: Transaction sharing consent not given for specified date range

Do not attempt to request information for this date range again.

Request for transactions within the consented date range

Take the user through a re-auth journey to extend or modify the date range.

/balances

Commercial scenario: TPP attempts to access balances for a commercial PSU who has created the consent but does not have sufficient entitlement (as a part of his/her role) to access the information.

Http Status: 400

Errors:
ErrorCode: U005

Message: UK.OBIE.Field.Unexpected-User role does not have sufficient entitlements

Http Status: 403

Code: 403 Forbidden

Message: Insufficient entitlements

UK.OBIE.Field.Unexpected

Message: User role does not have sufficient entitlements

Inform the PSU that they don’t have sufficient entitlement to access the information.

Take the PSU through a re-consent journey after the PSU confirms that sufficient entitlements have been given to them.

Generic service unavailable error scenario

ASPSP downstream services or server is down.

Http Status: 500

Errors:
ErrorCode: U000

Message: UK.OBIE.UnexpectedError - Due to a technical problem, the request cannot be completed at this moment

Http Status: 500

Code: 500 UnexpectedError

Message: Unexpected error

Errors:
ErrorCode: UK.OBIE.UnexpectedError

Message: Due to a technical problem, the request cannot be completed

Try again after some time.

CONFIRMATION OF FUNDS SERVICES

This section provides an overview of how to use our Confirmation of Funds APIs. It is intended to help CBPII integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Confirmation of funds API Specification can be found here.
  • API Products can be found here.

Confirmation of Funds Scope

The below table details the confirmation of funds Services that are supported by Lloyds Banking Group across our Channels and Products.

These are available to use to request Confirmation of funds on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand for Retail Credit Cards.

COF Retail Business Commercial
Current Account Savings Account Credit Cards Current Account Savings Account Credit Cards Sterling Non-Sterling
Funds confirmation consent
Funds confirmation

Confirmation of Funds Consent Re-authentication

The consents created in latest version of V4.xx will be eligible for re-authentication as outlined in the Open Banking Specifications v4.0.

ERROR SCENARIOS

Scenario Expected ASPSP Response V4.x.x Expected ASPSP Response V3.x.x Expected TPP Action
Scenarios applicable to CoF endpoints
TPP attempts to access a resource using an access token that has expired.
(Sub-scenario: The underlying consent has not expired.)

HTTP Status: 403

Errors:
ErrorCode: U028

Message:
UK.OBIE.Reauthenticate - Reauthentication required to process the request.

Error Type: Reauthenticate

 Http Status: 401
Error Code: Token expired
Error Type: Reauthenticate		 If the TPP has a valid refresh token, use the refresh token to get a new access token.
If the refresh token has expired as well, take the user through a re-auth
TPP attempts to access a resource using an access token that has expired.
(Sub-scenario: The underlying consent has expired.)		 Http Status: 403
Error Type: AuthoriseConsent		 Http Status: 403
Error Code: UK.OBIE.Resource.InvalidConsentStatus
Error Type: AuthoriseConsent		 Create a new consent using a POST operation.
Take the PSU through an authentication journey.
TPP attempts to access a resource related to an account that is closed.
This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

HTTP Status: 400

Errors:
ErrorCode: U011

Message:
"UK.OBIE.Resource.NotFound - Forbidden - Account closed or suspended."

Error Type: AccountPermanentlyUnavailable

 Http Status: 403
Error Code: UK.OBIE.Resource.NotFound
Error Type: AccountPermanentlyUnavailable		 Do not attempt to request information for this account again..
Take the user through a re-consent journey to remove this account from the consent.
TPP attempts to re-auth a consent where one or more account has got closed.
This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.		 Error message returned in redirect URL:
One or more accounts are closed or s uspended. Please re-consent for eligible accounts
Error Type: AuthoriseConsent		 Error message returned in redirect URL:
One or more accounts are closed or s uspended. Please re-consent for eligible accounts
Error Type: AuthoriseConsent		 Do not attempt to re-auth this consent again
Take the user through a re-consent journey to remove the closed account(s) from the consent.
/funds-confirmation-consents
TPP sends a past date in ExpirationDateTime field or the date format is incorrect.

HTTP Status: 400

Errors:
ErrorCode: U003

Message:
"UK.OBIE.Field.InvalidDate - < field name > cannot be in the past."

Error Type: AuthoriseConsent

 Http Status: 400
Error Code: UK.OBIE.Field.InvalidDate
Error Type: AuthoriseConsent		 Take the PSU through the consent journey with a valid future ExpirationDateTime.
/funds-confirmation-consents
TPP sends an invalid value in the consents creation request in one of the following fields (i.e. validation fails):
  • SchemeName
  • Name
  • Identification
  • SecondaryIdentification

HTTP Status: 400

Errors:
ErrorCode: U002

Message:
" UK.OBIE.Field.InvalidDate - <field name>is not in a valid format"

Error Type: AccountConsent

 Http Status: 400
Error Code: UK.OBIE.Field.Invalid
Error Type: AuthoriseConsent		 Try again with a valid value as per OBIE specs
/funds-confirmation
TPP attempts to access the endpoint with an incorrect ConsentId

HTTP Status: 400

Errors:
ErrorCode: U011

Message:
"UK.OBIE.Resource.NotFound" - "Consent Id not found."

Error Type: RequestWithValidDetails

 Http Status: 403
Error Code: UK.OBIE.Resource.ConsentMismatch
ErrorType: RequestWithValidDetails		 Do not attempt to request information for this ConsentID again. Try again with a valid ConsentId.
/funds-confirmation
TPP attempts to access the endpoint with an invalid value in one of the following fields (i.e. validation fails):
  • ConsentId
  • Amount
  • Currency

HTTP Status: 400

Errors:
ErrorCode: U011

Message:
"UK.OBIE.Resource.NotFound" - "<field name> not found."

Error Type: RequestWithValidDetails

 Http Status: 400
Error Code: UK.OBIE.Field.Invalid
ErrorType: RequestWithValidDetails		 Try again with a valid value in the request payload.
Generic service unavailable error scenario
ASPSP downstream services or server is down.

HTTP Status: 500

Errors:
ErrorCode: U000

Message:
“UK.OBIE.UnexpectedError” - "Due to a technical problem, the request cannot be completed at this moment."

Error Type: RetryLater

 Http Status: 500
Error Code:UK.OBIE.UnexpectedError
ErrorType: RetryLater		 Try again after some time.

STATUS REASON AND REDIRECT ERRORS

As part of the v4.0 API specification update, the StatusReason object will include StatusReasonCode and StatusReasonDescription when consent statuses are updated, as specified in the Open Banking Specifications v4.0.

Additionally, the Redirect URL will return error_description along with a relevant reason code, which may match the StatusReasonCode, when the consent status is provided.

PAYMENT INITIATION SERVICES

This section provides an overview of how to use our Payment Initiation Services APIs. It is intended to help PISPs integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Payment Initiation API Specification can be found here: v3.10 and v4.0

     

  • Variable Recurring Payments API Specification can be found here: v3.10 and v4.0

     

  • API Products can be found here.

     

Payments Scope

The below table details the Payment Initiation Services that are supported by Lloyds Banking Group for each Payment Type across our Channels and Products.

These are available to use to make payments from Current and Savings accounts on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand to make payments from Retail Credit Cards.

Payment Type Retail Business Commercial
Current Account Savings Account Credit Cards Current Account Savings Account Current Account
Domestic Payment (FPS)  
Domestic Payment (BACS)          
Domestic Payment (CHAPS)          
Domestic Payment (Balance Transfer / Money Transfer)          
Domestic Scheduled Payments  
Domestic Standing Orders    
International Payments      
File Payments          
Variable Recurring Payments        

Status Reason and Redirect Errors

As part of the v4.0 API specification uplift, StatusReasonCode and StatusReasonDescription will be returned in the StatusReason object when both consent statuses and payment statuses are updated as outlined in the Open Banking Specifications v4.0.

In the Redirect URL, error_description will also be returned with an appropriate reason code, that may be the same as provided in the StatusReasonCode, when the consent status is returned.

This is an optional requirement and will be available on Domestic Single Immediate Payments and Variable Recurring Payments. Other payment journeys will be updated as fast followers.

DOMESTIC PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our Domestic Payment endpoints – Immediate, Scheduled and Standing Orders. These are detailed in the table below. The variations apply to both the API Profile versions, v3.1.x and v4.0

Endpoints Description

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment Schemes supported for Domestic journeys.

Schemes supported across all domestic journeys are:

  • UK.OBIE.SortCodeAccountNumber
  • UK.OBIE.BBAN
  • UK.OBIE.IBAN

For Domestic Payment – Balance Transfer and Money Transfer must use UK.OBIE.PAN.

UK.OBIE.Paym is not supported, in line with Pay.UK removing the service in March 2023.

For API Profile v4.0, UK.OBIE.Wallet is not supported

Note: APIs will support UK IBANs or UK BBANs only.

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment/Instructed Amount Field Validations.

Negative payment amounts are not allowed in any of the Lloyds Banking Group payment requests.

Amounts are restricted to 2 decimal places. Requests sent where the amount exceeds 2 decimal places will result in error response

For Balance Transfers and Money Transfers the minimum payment amount is £100

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised. Payment Context Code field in OBRisk is mandatory.

For API Profile v4.0, deprecated enumeration values are not supported. If sent, will result in an error response

There are some payment categories that will not be supported for Payment Type, Channel or Products.

  1. Domestic Payment – Balance Transfer / Money Transfer

    • For API profile v3.1.x, acceptable values are ‘Party to Party’ or ‘Transfer to Self’. All other Payment Context Codes will not be accepted.
    • For API Profile v4.0, acceptable Payment Context Code value is ‘Transfer to Self’. All other Payment Context Codes will not be accepted

  2. Savings Accounts are not supported for

    • For API Profile v3.1.x

    • Ecommercegoods
    • Ecommerceservices
    • EcommerceMerchantInitiatedPayment
    • FaceToFacePointOfSale

    • For API Profile v4.0

    • EcommerceMerchantInitiatedPayment
    • FaceToFacePointOfSale

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Risk – Delivery Address

Country Code and Town Name are required if Risk Delivery Address details are provided

/domestic-payment-consents

Balance Transfers – Mandatory Requirements

Local Instrument: Is a mandatory field and must be provided as UK.OBIE.BALANCETRANSFER

Creditor Account:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

Debtor Account: must be pre-populated in the consent request with details as:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

For API Profile v3.1.x RemittanceInformation: must be sent with Offer code/ID in the Reference field

For API Profile v4.0 RemittanceInformation: must be sent with Offer code/ID in the CreditorReferenceInformation-Reference field

/domestic-payment-consents

Money Transfers – Mandatory Requirements

Local Instrument: Is a mandatory field and must be provided as UK.OBIE.MoneyTransfer

Creditor Account:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

Debtor Account: must be pre-populated in the consent request with details as:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

For API Profile v3.1.x RemittanceInformation: must be sent with Offer code/ID in the Reference field

For API Profile v4.0 RemittanceInformation: must be sent with Offer code/ID in the CreditorReferenceInformation-Reference field

/domestic-payment-consents

/domestic-scheduled-payment-consents

Commercial Customers – Local Instrument Types supported.

The following local instrument types are acceptable for Commercial Customers:

Commercial Customers:

  • UK.OBIE.BACS
  • UK.OBIE.CHAPS
  • UK.OBIE.FPS

If the local instrument does not contain one of these values the consent request will be rejected.

/domestic-payment-consents

Commercial Customers – Local Instrument Types supported

The following local instrument types are acceptable for Commercial Customers:

  • UK.OBIE.BACS
  • UK.OBIE.CHAPS
  • UK.OBIE.FPS
  • UK.LBG.IAT

If the local instrument does not contain one of these values the consent request will be rejected

/domestic-payment-consents

/domestic-scheduled-payment-consents

Commercial Customers - Debit Account Reference

Commercial channel (CBO) customers can specify a debit account reference utilising Supplementary Data. The reference can be a maximum of 18 characters in length.

/funds-confirmation

Commercial Customer – Funds Confirmation Response

Due to the use of complex credit facilities and the manual payment referrals process, the confirmation of funds service will provide an explanatory message for Commercial (CBO) customers. This will be provided in Supplementary data.

/domestic-scheduled-payment-consents

Scheduled Payment Execution Date Rules.

Earliest “Payment Instructed” day is next working day for Scheduled Payments.

Requested Execution Date cannot be the same date as consent request. The payment can be requested to be executed from the next working day and up to 31 days in the future.

Any Execution Date provided outside of this time frame would result in an error response.

/domestic-standing-order-consents

Variable Amounts not supported for Standing Orders

Variable amount values are not supported for first and subsequent payments and will result in an error response if received in the request.

/domestic-standing-order-consents

Timezone in FirstPaymentDateTime field

Time zone for FirstPaymentDateTime field would be defaulted to system timezone in case it is not sent in the request.

/domestic-standing-order-consents

Standing Order Execution Date Rules.

Earliest First Payment Date is next working day for Standing Orders. It cannot be the same date as consent request.

/domestic-standing-order-consents

“Number of Payments” recurrence is not supported.

For API Profile v3.1.x, "Number of Payments" feature is not supported.

In API Profile v3.1.x and v4.0, "FinalPaymentDateTime" field should be provided in the request, otherwise the standing order will be open ended until customer takes action to cancel.

/domestic-standing-order-consents

Supported Standing Order Frequencies

For API Profile v3.1.x and v4.0 Only the following frequencies are supported by Lloyds Banking Group Domestic Standing orders:

v3.1.1x Frequencies v4.0 Frequencies
Weekly WEEK
Four Weekly FOWK
Monthly MNTH
Quarterly QURT
Half Yearly MIAN
Yearly YEAR
Two Monthly TWMH

Note: First Payment date and Final Payment date must have the same day value excluding Weekly and Four Weekly.

Example: Frequency: Monthly

First Payment date: (26/02/2019)

Final Payment date: (26/03/2019)

Exception is in place for month end i.e. 31/01/2019 with the next payment date 28/02/2019. This would be an acceptable date.

/domestic-standing-order-consents

Standing Order Frequencies

For all the Consent and Payment enquiry requests in API v4.0 for Consents and Payments created in v3.1.10, original frequency values sent in v3.1.10 Consent or Payment request will be mapped to Frequency.Type field in v4.0 Response.

/domestic-standing-order-consents

For v4.0, First Payment Date Time field is mandatory.

/domestic-payments

/domestic-scheduled-payments

/domestic-standing-orders

Time between Consent Authorisation and Payment Submission

There is a maximum time limit of 45 minutes for PISPs to complete payment submission following a successful authorisation of consent request.

Note: Where a first-time submission is recorded within the time limit mentioned above, any subsequent (idempotent) requests will return the status of the payment.

/domestic-payments

/domestic-scheduled-payments

/domestic-standing-orders

Payment Message Details.

Data will get truncated where API fields contain more characters than supported by the FPS scheme (ISO8583) format.

This would result in the beneficiary bank receiving truncated information. PISPs should be aware and may wish to cater for this in their front-end validation.

/domestic-payments

Payment Status – Enquiry Window.

PISPs can make enquiry call to find out the final outcome of payment. If the payment status has not reached a terminal payment status within 3 days (72 hours) then PISPs will need to raise a query with the Lloyds Banking Group.

Do not continue to poll the endpoint to query the payment status as this will result in error responses.

/domestic-payments

Commercial Customers - Domestic Payment Cut-Off times

BACS – Payments received after 17:00 will be rejected.

CHAPS – Payments received after 17:25 will be rejected.

FPS – Payments received after 23:55 will be processed the next day.

IAT – Transfers received after 23:45 will be rejected.

/domestic-payments

/domestic-scheduled-payments

Commercial Customers – CHAPS Payments

To support enhanced data requirements for CHAPS payments, the optional fields – PaymentCategory, Debtor/LEI and Creditor/LEI have been introduced in the Supplementary Data block of the request.

Enums acceptable for PaymentCategory field are ‘Property’ and ‘FItoFI’.

  1. When PaymentCategory is provided as ‘FItoFI’, PaymentPurposeCode in the Risk section and Debtor and Creditor LEIs are mandatory.

  2. When PaymentCategory is provided as ‘Property’, PaymentPurposeCode in the Risk section is mandatory.

  3. If PaymentCategory field is not provided in the request, Payment Purpose Code and LEI fields remain optional. However, if provided in the request, they must be valid and comply with request validations.

Refer section CHAPS Payment Purpose Codes list for valid enum mapped to each payment category.

/payment-details

Endpoints not supported.

Following optional/conditional endpoints in the API specification are not supported:

  • GET /domestic-payments/{DomesticPaymentId}/payment-details
  • GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}/payment-details
  • GET /domestic-standing-orders/{DomesticStandingOrderId}/payment-details
All Endpoints

Characters Sets for Domestic Journeys

String fields are restricted to specific character sets and special characters are not allowed. Any special characters sent in the request may not be propagated to onward payment records and may result in an error response.
All Endpoints

JWS Base64 Encoding

JWS must be created with Base64 encoding. Failure to use the correct encoding in the creation of the JWS would result in an error response.

CHAPS – Payment Purpose Codes List

The table below lists the CHAPS Payment Purpose Codes and their validity (Y/N) across the payment categories, where ‘Y’ indicates the valid acceptable enum for the respective category.

CODE REGFIFI PROPERTY OTHER
BKFE Y N N
BKIP Y N N
BKPP Y N N
CBLK Y N N
INTC Y N Y
INTP Y N Y
DEPT Y N Y
ACCT Y N N
CASH Y N N
COLL Y N N
CSDB Y N N
LIMA Y N N
NETT Y N N
EXTD Y N N
OTCD Y N N
REPO Y N N
SBSC Y N N
SLEB Y N N
AGRT Y N Y
AREN Y N Y
BEXP Y N Y
BOCE Y N Y
COMC Y N Y
CPYR Y N Y
LICF Y N Y
SERV Y N Y
SUPP Y N Y
TRAD Y N Y
SUBS Y N Y
GDSV Y N Y
GSCB Y N Y
ROYA Y N Y
COMT Y N Y
CHAR Y N Y
ECPR Y N Y
EPAY Y N Y
COMP Y N Y
DBTC Y N Y
CLPR Y N Y
INTE Y N Y
LOAN Y N Y
LOAR Y N Y
RELG Y N Y
TRFD Y N Y
PENO Y N Y
INPC Y N Y
INPR Y N Y
INSC Y N Y
INSU Y N Y
LBRI Y N Y
LIFI Y N Y
PPTI Y N Y
HLRP Y Y N
HLST Y Y N
PLDS Y Y N
PDEP Y Y N
PCOM Y Y N
PLRF Y Y N
FORW Y N Y
FXNT Y N Y
IVPT Y N Y
REBT Y N Y
REFU Y N Y
CDBL Y N Y
CPKC Y N Y
EDUC Y N Y
FEES Y N Y
GAMB Y N Y
LOTT Y N Y
GIFT Y N Y
INSM Y N Y
REOD Y N Y
FAND Y N Y
GOVT Y N Y
TCSC Y N Y
BLDM Y Y N
RENT Y Y N
BNET Y N N
CORT Y N N
CMDT Y N Y
DERI Y N Y
DIVD Y N Y
FREX Y N Y
HEDG Y N Y
INVS Y N Y
SAVG Y N Y
SECU Y N Y
TREA Y N N
FNET Y N N
FUTR Y N N
HLTI Y N Y
DNTS Y N Y
LTCF Y N Y
MDCS Y N Y
VIEW Y N Y
SWFP Y N N
SWPP Y N N
SWRS Y N N
SWUF Y N N
BECH Y N Y
BENE Y N Y
SSBE Y N Y
PEFC Y N Y
PENS Y N Y
ADCS Y N Y
ALMY Y N Y
BONU Y N Y
COMM Y N Y
HREC Y N Y
SALA Y N Y
LREB Y N N
LREV Y N N
ESTX Y N Y
HSTX Y N Y
INTX Y N Y
PTXP Y N Y
RDTX Y N Y
TAXES Y N Y
VATX Y N Y
WHLD Y N Y
TAXR Y N Y
CBTV Y N Y
ELEC Y N Y
GASB Y N Y
PHON Y N Y
UBIL Y N Y
WTER Y N Y

INTERNATIONAL PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our International Payment endpoints. These are detailed in the table below.

Note: These relate to Immediate International Payments only. International Scheduled Payments and International Standing Orders endpoints are not supported by Lloyds Banking Group. The variations apply to both the API Profile versions, v3.1.x and v4.0.

Endpoints Description

/international-payment-consents

Creditor Postal Address is mandatory.

The Creditor Postal Address is mandatory and must be provided in the consent request. Maximum three lines of unstructured address. Must include at least one Address Line and Country.

/international-payment-consents

Payment Schemes supported for International payment journeys.

Schemes supported for international payment journeys are:

  • UK.OBIE.SortCodeAccountNumber
  • UK.OBIE.BBAN
  • UK.OBIE.IBAN

For API Profile v3.1.10 UK.OBIE.Paym is not supported, in line with Pay.UK removing the service in March 2023.

For API Profile v4.0, UK.OBIE.Wallet & UK.OBIE.Paym are not supported.

Note: For API Profile v3.1.x, RemittanceInformation: must be sent with Offer code/ID in the Reference field.

For API Profile v4.0, RemittanceInformation: must be sent with Offer code/ID in the CreditorReferenceInformation-Reference field.

/international-payment-consents

Creditor Agent Address Requirements.

Creditor Agent must have at least either of the pairs provided:

Scheme Name and Identification or Name and Postal Address

Option 1: Scheme Name and Identification

Scheme Name accepted as UK.OBIE.BICFI, and BIC must be sent in Identification.

Creditor Agent Name and Address block are optional.

Option 2: Name and Postal Address

Creditor Agent Name is mandatory. Creditor Agent Postal Address block is mandatory and must be populated in the following format:

  • Two Address Lines
  • Town Name
  • Country

/international-payment-consents

Country Requirements - Sending money to the EEA and UK.

BIC/SWIFT and IBAN are mandatory requirements when sending money to the EEA and UK. PISPs will need to provide this information when sending International Payments to the following countries:

Albania, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Guernsey, Hungary, Iceland, Republic of Ireland, Italy, Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and UK.

Creditor Account Scheme Name must be set to UK.OBIE.IBAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI and BIC/SWIFT must be sent in Identification.

/international-payment-consents

Country Requirements - Sending money to the rest of the world.

Option 1: BIC/SWIFT and IBAN mandatory countries

BIC/SWIFT and IBAN are mandatory requirements when sending money to some non-EEA countries. PISPs will need to provide this information when sending International Payments to the following countries:

Andorra, Bahrain, Faroe Islands, Georgia, Gibraltar, Greenland, Isle of Man, Israel, Jordan, Kuwait, Lebanon, Macedonia, Montenegro, Moldova, Monaco, Pakistan, Palestine, Qatar, San Marino, Saudi Arabia, Switzerland, Tunisia, Turkey, and United Arab Emirates.

Creditor Account Scheme Name must be set to UK.OBIE.IBAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI and BIC/SWIFT must be sent in Identification.

Option 2: National Clearing Code mandatory countries

National Clearing Codes are mandatory for the following countries and are expected to be sent as detailed below for each respective country:

Australia: Bank-State-Branch (BSB) Code
Canada: Canadian Transit Number
Hong Kong: Bank Code of Hong Kong
India: IFSC - Indian Financial Sys Code
New Zealand: New Zealand National Clearing Code
South Africa: South Africa National Clearing
United States: Fedwire code

Creditor Account Scheme Name can be sent as BBAN or SCAN

Creditor Agent Scheme Name must be UK.LBG.Clearingcode

Option 3: All other countries

Creditor Account Scheme Name can be IBAN, BBAN or SCAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI when IBAN is provided for Creditor Account, and BIC/SWIFT must be sent in Identification.

Creditor Agent Address must be sent when BBAN or SCAN are provided for Creditor Account, with the additional details being mandatory:

  • Creditor Agent Name must be provided
  • Postal Address block must be provided as Two Address Lines, Town Name and Country

/international-payment-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised

Payment Context Code field in OBRisk is mandatory

/international-payment-consents

Initiation Parent Block – Request Field Validations.

Charge Bearer: Borne by Creditor is not supported. Consent requests with this value will result in an error response.

Currency Of Transfer:

  • Must be sent as either GBP or the same as Instructed Amount Currency.
  • When Currency Of Transfer has been provided as GBP, the Instructed Amount Currency must also be GBP.

Instruction Priority: Lloyds Banking Group do not offer Instruction priority for International Payment requests. All requests will be treated as ‘Normal’.

Local Instrument: No value is expected to be received in this field

/international-payment-consents

Exchange Rate Information – Request Field Validations

Contract Identification and Exchange Rate: This functionality for ‘Agreed’ rates is not supported and therefore these fields must not be sent in the request.

Rate Type: Only "Actual" is supported. All other Rate Types provided in the request will result in an error response

Note: Where payment requires multiple party authorisations the Exchange Rate Information displayed to user and sent in the response will be ‘Indicative’.

Unit Currency: is a mandatory field within the exchange rate block. If this block is provided in the request, then this must be sent as GBP

/international-payment-consents

Instructed Amount & Currency – Request Field Validations.

Currency Field Validations

Most currencies support two decimal places for Instructed Amount e.g. GBP

Certain currencies support up to a maximum of three decimal places i.e. Kuwaiti Dinar.

Japanese Yen must be sent as a whole integer value. Zero decimal points are supported for this currency

Note: When Currency Of Transfer has been provided as GBP, the Instructed Amount Currency must also be GBP.

Requests sent where the amount exceeds 3 decimal places will result in error response.

For International payment the minimum payment amount is £1.00 (after currency transfer).

/international-payment-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/international-payment-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments.

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported.

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/international-payment-consents

Payment Reason Code – Country Requirements

Some Countries mandate the need for the purpose or reason for payment. PISPs are expected to provide this information in Extended Purpose field in the consent request for it to be processed

Note: For v3.1.x, Data.Initiation.Purpose as defined in the API specifications will not be used and may lead to error responses.

For V4.0 Data.Initiation.Purpose is not applicable.

United Arab Emirates and Jordan: These countries require reason codes specific to their own country requirements. Please refer to detailed section on acceptable values.

All Other Countries: A generic set of reasons are used. These are also detailed separately and should be referred to for acceptable values.

Note: In all cases, only the reason code should be sent, without the additional text description.

e.g. R24 should be sent. R24 School Fees would result in error response.

/international-payment-consents

Risk – Contract Present Indicator

OBRisk block will only accept the correct spelling for Contract Present Indicator field. Any requests received with the incorrect spelling will result in an error response.

Risk – Delivery Address

Country Code and Town Name are required if Risk Delivery Address details are provided.

/payment-details

Endpoints not supported.

The implementation for File Payments does not support following optional/conditional endpoints in the API specification:

  • GET /international-payments/{InternationalPaymentId}/payment-details

/international-payments

Time between Consent Authorisation and Payment Submission.

There is a maximum time limit of 90 seconds for PISPs to complete payment submission following a successful authorisation of consent request. This is due to live exchange rates being quoted for the transaction.

If the first payment submission request is received after 90 seconds this will result in the payment request being rejected.

/international-payment-consents
/international-payments

JWS Base64 Encoding

JWS must be created with Base64 encoding. Failure to use the correct encoding in the creation of the JWS would result in an error response.

/international-payment-consents
/international-payments

Characters Sets for International Payments

String fields are restricted to specific character sets and special characters are not allowed. Any special characters sent in the request may not be propagated to onward payment records and may result in an error response.

Generic Countries – Payment Reason Code

Code Reason Description Code Reason Description
R01 Charitable Donation R15 Rent
R02 Expenses R16 Salary
R03 Family Maintenance R17 Tax
R04 Fx Currency Non-Resident Deposit R18 Wages
R05 Fees R20 Commission
R06 Gift R21 Purchase of Shares
R07 Holiday R22 Grant
R08 Hotel R23 House Purchase Resident
R09 Invoice R24 School Fees
R10 Loan R25 Other
R11 Medical R26 House Purchase Non-Resident
R12 Own Account Transfer R27 Inheritance
R13 Pension R28 Relocation
R14 Personal Transfer R29 Mortgage Payment

United Arab Emirates– Payment Reason Code

Code Reason Description
ACM Agency Commissions
AES Advance payment against EOS
AFA Receipts or payments from personal resident bank account or deposits abroad
AFL Receipts or payments from personal non-resident bank account in the UAE
ALW Allowance
ATS Air transport
BON Bonus
CCP Corporate Card Payments
CEA Equity and investment fund shares for the establishment of new company from residents abroad, equity of merger or acquisition of companies abroad from residents and participation to capital increase of related companies abroad
CEL Equity and investment fund shares for the establishment of new company in the UAE from non-residents, equity of merger or acquisition of companies in the UAE from non-residents and participation to capital increase of related companies from non-residents in the UAE
CHC Charitable Contributions (Charity and Aid)
CIN Commercial Investments
COM Commission
COP Compensation
CRP Credit Card Payment
DCP Debit Card Payments
DIV Dividend Payouts From FI
DLA Purchases and sales of foreign debt securities in not related companies - More than a year
DLF Debt instruments intragroup loans, deposits foreign (above 10% share)
DLL Purchases and sales of securities issued by residents in not related companies - More than a year
DOE Dividends on equity not intragroup
DSA Purchases and sales of foreign debt securities in not related companies - Less than a year
DSF Debt instruments intragroup foreign securities
DSL Purchases and sales of securities issued by residents in not related companies - Less than a year
EDU Educational Support
EMI Equated Monthly Instalments
EOS End of Service / Final Settlement
FAM Family Support (Workers' remittances)
FDA Financial derivatives foreign
FDL Financial derivatives in the UAE
FIA Investment fund shares foreign
FIL Investment fund shares in the UAE
FIS Financial services
FSA Equity other than investment fund shares in not related companies abroad
FSL Equity other than investment fund shares in not related companies in the UAE
GDE Goods sold (Exports in fob value)
GDI Goods bought (Imports in cif value)
GMS Processing repair and maintenance services on goods
GOS Government goods and services embassies etc.
GRI Government related income taxes, tariffs, capital transfers, etc.
IFS Information services
IGD Dividends intragroup
IGT INTER GROUP TRANSFER
IID Interest on debt intragroup
INS Insurance services
IOD Income on deposits
IOL Income on loans
IPC Charges for the use of intellectual property royalties
IPO IPO Subscriptions
IRP INTEREST RATE SWAP PAYMENTS
IRW INTEREST RATE UNWIND PAYMENTS
ISH Income on investment funds shares
ISL Interest on securities more than a year
ISS Interest on securities less than a year
ITS Computer services
LAS Leave Salary
LDL Debt instruments intragroup loans, deposits in the UAE (above 10% share)
LDS Debt instruments intragroup securities in the UAE
LEA Leasing abroad
LEL Leasing in the UAE
LIP Loan Interest Payments
LLA Loans - Drawings or Repayments on loans extended to non-residents - Long-term
LLL Loans - Drawings or Repayments on foreign loans extended to residents - Long-term
LNC Loan Charges
LND Loan Disbursements From FI
MCR Monetary Claim Reimbursements
MWI MOBILE WALLET CARD CASH-IN
MWO MOBILE WALLET CARD CASH-OUT
MWP MOBILE WALLET CARD PAYMENTS
OAT OWN ACCOUNT TRANSFER
OTS Other modes of transport (including Postal and courier services)
OVT Overtime
PEN Pension
PIN Personal Investments
PIP Profits on Islamic products
PMS Professional and management consulting services
POR Refunds/Reversals on IPO subscriptions
POS POS Merchant Settlement
PPA Purchase of real estate abroad from residents
PPL Purchase of real estate in the UAE from non-residents
PRP PROFIT RATE SWAP PAYMENTS
PRR Profits or rents on real estate
PRS Personal, cultural, audio visual and recreational services
PRW PROFIT RATE UNWIND PAYMENTS
RDA Reverse debt instruments abroad
RDL Reverse debt instruments in the UAE
RDS Research and development services
REA Reverse equity shares abroad
REL Reverse equity shares in the UAE
RFS Repos on foreign securities
RLS Repos on securities issued by residents
RNT Rent Payments
SAA Salary Advance
SAL Salary (Compensation of employees)
SCO Construction
SLA Loans - Drawings or Repayments on loans extended to non-residents - Short-term
SLL Loans - Drawings or Repayments on foreign loans extended to residents - Short-term
STR Travel
STS Sea transport
SVI STORED VALUE CARD CASH-IN
SVO STORED VALUE CARD CASH-OUT
SVP STORED VALUE CARD PAYMENTS
TCP Trade credits and advances payable
TCR Trade credits and advances receivable
TCS Telecommunication services
TKT Tickets
TOF Transfer of funds between persons Normal and Juridical
TTS Technical, trade-related and other business services
UTL Utility Bill Payments
TAX TAX Payment

Jordan – Payment Reason Code

Code Reason Description Code Reason Description
0101 Invoice Payment & Purchase 0704 UN Aid
0102 Utility Bill Payment 0705 Charity Communities Aid
0103 Prepaid Card Recharging 0801 Telecommunication Services
0104 Standing Orders 0802 Financial Services
0105 Personal Donations 0803 Information Technology Services
0106 Family Assistance and Expenses 0804 Consulting Services
0107 Individual Social Security Subscriptions 0805 Construction Services
0108 Associations Subscriptions 0806 Maintenance & Assembling Services
0109 Saving and Funding Account 0807 Marketing and Media Services
0110 Heritance 0808 Mining Services
0111 End of Service indemnity 0809 Medical & Health Services
0201 Public Sector Employee Salaries 0810 Cultural, Educational & Entertainment Services
0202 Labourers Salaries 0811 Rental Expenses
0203 Private Sector Staff Salaries 0812 Real Estate
0204 Jordanian Diplomatic Staff Salaries 0813 Taxes
0205 Foreign Diplomatic Salaries 0814 Fees
0206 Overseas Incoming Salaries 0815 Commissions
0207 Civil / Military Retirement Salaries 0816 Franchise and License Fees
0208 Social Security Retirement Salaries 0817 Cheque Collection
0209 Establishment Social Security Subscription 0818 Membership Fees
0301 Investment Revenues 0901 Municipality Funds
0302 Brokerage Investment 0902 Government Funds
0303 Insurance 0903 Private Sector Funds
0304 Subscriptions to international nonmonetary organisations 0904 External Incoming Funds
0305 Local Investment 1001 International Communities and Embassies Remittances
0306 External Investment 1002 Permanent Diplomatic Missions
0307 Tender bond Guarantee 1003 Temporary Diplomatic Missions
0401 Air Freight 1004 Jordanian Embassies Income
0402 Land Freight 1101 Long-Term Loans Instalments / Public Sector
0403 Sea Freight 1102 Long-Term Loans interest Instalments / Public Sector
0404 Travel and Tourism 1103 Short-Term Loans Instalments / Public Sector
0501 Governmental Delegation Transfers 1104 Short-Term Loans interest Instalments / Public Sector
0502 Private Sector Delegation Transfers 1105 Long-Term Loans Instalments / Private Sector
0503 Governmental Education 1106 Long-Term Loans interest Instalments / Public Sector
0504 Private Sector Education 1107 Short-Term Loans Instalments /Private Sector
0601 Public Sector Exportation 1108 Short-Term Loans interest Instalments / Private Sector
0602 Private Sector Exportation 1109 Loans Instalments Against Governmental Guarantee
0603 Public Sector Importation 1110 Loans Interest Instalments Against Governmental Guarantee
0604 Private Sector Importation 1111 Credit Card Payment
0701 Religious Communities Aid 1112 Personal Loan Payment
0702 International Communities Aid 1201 Rerouting
0703 Arab Communities Aid 1202 Scientific Research Support

FILE PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our File Payment endpoints. These are detailed in the table below.

Endpoints Description

/file-payment-consents
/file-payments

Functionality available for Business Customers only.

Currently only Business customers using Business Banking (O4B/BIB), or Mobile App can access file payment endpoints functionality.

Commercial Customers using Commercial Banking Online (CBO) will not be able initiate payments using File Payment endpoints.

/file-payment-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments.

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported.

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/file-payment-consents

File Type Enumerations.

The File Type in consents request must contain one of the following values for the payment file type:

  • UK.LBG.O4B.BULK.BACS
  • UK.LBG.O4B.BATCH.FPS

If any other value is sent in the request, then this will be rejected.

/file-payment-consents

Initiation Block – Request Field Validations.

The following fields are mandatory for LBG and must be provided in the consent request:

  • ControlSum
  • NumberofTransactions

Any requests not providing these details will be rejected.

/file-payment-consents

Requested Execution Date Time Validations.

  • File Type is UK.LBG.O4B.BATCH.FPS: This field should not be sent in the request and will result in an error response. The date of execution will be determined based on the payment date details provided within the file.
  • File Type is UK.LBG.O4B.BULK.BACS: This field must be sent in the request else will result in an error response.

/file-payment-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/file-payment-consents
/file

Bulk Payment File Cut-Off Times.

Business customers processing a Bulk payment file will see a warning message displayed on the Lloyds Banking Group Secure Payments Gateway screens from 17:45. This warns of the impending cut off time.

This will be displayed until 18:00 which is the hard cut-off time.

/file

Payment File must be sent in csv. format.

Lloyds Banking Group will accept only two file specifications in a csv. file format:

  • Bulk File for Bacs scheme
  • Batch File for FPS scheme

The specification for these files including details of format, structure, field length and character sets are detailed in File Layout sections.

Any files received not in the given format for the File Type provided in the consent will be rejected.

/file-payments

Field Length and Truncations

Data will get truncated where csv. file fields contain more characters than supported by the schemes.

Scheme standards are:

  • Faster Payment Service (ISO8583)
  • Bacs (STD18)

/file-payments
/payment-details

Endpoints not supported.

The implementation for File Payments does not support following optional/conditional endpoints in the API specification:

  • GET /file-payments/{FilePaymentId}/report-file
  • GET /file-payments/{FilePaymentId}/payment-details

/file-payment-consents
/file
/file-payments

Characters Sets for File Payments

String fields are restricted to specific character sets and special characters are not allowed. Any special characters sent in the request may not be propagated to onward payment records and may result in an error response.

/file-payment-consents
/file-payments

Initiation Block Validations

The following fields will have additional validations:

  • NumberOfTransactions: minimum 1 required
  • ControlSum: minimum value of 0.01 required
  • LocalInstrument: Only UK.OBIE.BACS and UK.OBIE.FPS accepted
  • DebtorAccount.SchemeName: Only UK.OBIE.SortCodeAccountNumber, UK.OBIE.BBAN, UK.OBIE.IBAN accepted

File Layout – Bulk Payments (BACS)

File Template
Header Indicator

(Single character always H)

 Date of file creation

(Format yyyymmdd)

 Unique file ID

(10 character field)

 Number of Credits

(Count of credits within the file - max of 25)

 Value

(Total value of credits in the file)

  
H 20220301 9876543210 5 10.20  
Debit Indicator

(Single character always D)

 Payment Date

(Format yyyymmdd)

 Batch Reference

(18 character field)

 Debit Account Details

(15 character field with sort code-Account Number detailed)

    
D 20220302 Test payments 309664-12345679    
Credit Indicator

(Single character of C must be present for each credit)

 Recipient

(Alpha numeric field containing beneficiaries name, maximum length 18 characters)

 Recipient Sort Code

(numeric field must be 6 characters in length)

 Recipient Account Number

(numeric field must be 8 characters in length)

 Reference

(18 character field)

 Amount

(18 character decimal field)
c Freds No1 account 100000 12345678 Test 1 0.04
c Freds No1 account 100000 12345678 Test 2 1.04
c Freds No1 account 100000 12345678 Test 3 2.04
c Freds No1 account 100000 12345678 Test 4 3.04
c Freds No1 account 100000 12345678 Test 5 4.04
 
Actual File
H 20220301 9876543210 5 10.20  
D 20220302 Test payments 309664-12345679    
c Freds No1 account 100000 12345678 Test 1 0.04
c Freds No1 account 100000 12345678 Test 2 1.04
c Freds No1 account 100000 12345678 Test 3 2.04
c Freds No1 account 100000 12345678 Test 4 3.04
c Freds No1 account 100000 12345678 Test 5 4.04
 

File Layout – Batch Payments (FPS)

File Template
Header Indicator

(Single character always H)

 Date of file creation

(Format yyyymmdd)

 Unique file ID

(10 character field)

 Number of Credits

(Count of credits within the file - max of 25)

 Value

(Total value of credits in the file)
H 20220301 9876543210 3 0.6
Debit Indicator

(Single character always D)

 Batch Reference

(18 character field)

 Debit Account Details

(15 character field with sort code-Account Number detailed)
D Test payments 309664-12345679
Credit Indicator

(Single character of C must be present for each credit)

 Recipient Name

(Alpha numeric field containing beneficiaries name, maximum length 18 characters)

 Recipient Account Number

(numeric field must be 8 characters in length)

 Recipient Sort Code

(numeric field must be 6 characters in length)

 Reference

(18 character field)

 Debit Amount

(18 character decimal field)

 Payment ASAP

(For value today payments set to Y otherwise set to N)

 Payment Date

(Format yyyymmdd, must be left blank if Payment ASAP is set to Y)

 E to E Reference

(256 character field)
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.1 N 20180121 END TO END REFERENCE
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.2 Y   END TO END REFERENCE
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.3 N 20180121 END TO END REFERENCE
 
Actual File
H 20220301 9876543210 3 0.6
D Test payments 309664-12345679    
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.1 N 20180121 END TO END REFERENCE
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.2 Y   END TO END REFERENCE
c BENEFICIARY NAME 12345678 301763 BENEFICIARY REFERE 0.3 N 20180121 END TO END REFERENCE
 

VARIABLE RECURRING PAYMENTS VARIATIONS

There are several important variations relating to Variable Recurring Payment APIs that PISPs should be aware when using this service. These are detailed in the table below.

Endpoints Description
/domestic-vrp-consents
/domestic-vrps

APIs support use cases that meet the definition of sweeping only.

Variable Recurring Payment under Sweeping Access will be allowed using VRP APIs. This restricts what values would be accepted in a consent request:

  • VRP Type must be ‘UK.OBIE.VRPType.Sweeping’
  • customer Authentication Methods must be ‘UK.OBIE.SCANotRequired’

All other enumeration values provided in the specification are not accepted and would result in error response.
/domestic-vrp-consents
/domestic-vrps

APIs are not supported for Commercial Customers.

Commercial Customers using Commercial Banking Online (CBO) will not be able to set up Variable Recurring Payments.

Retail Customer using Internet Banking (IB) or Mobile App and Business Customers using Business Banking (O4B/BIB), or Mobile App will be able to set up Variable Recurring Payments.
/domestic-vrp-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised. Payment Context Code field in OBRisk is mandatory.

Acceptable values are ‘Party to Party’ or ‘Transfer to Self’.

All other Payment Context Codes will not be accepted for Variable Recurring Payments under Sweeping Access.
/domestic-vrp-consents

Creditor Account details must be sent in consent request.

Initiation.CreditorAccount details must be populated in the consent request. Any requests not providing Creditor Account details will be rejected.

Schemes supported are:

  • UK.OBIE.SortCodeAccountNumber
  • UK.OBIE.BBAN
  • UK.OBIE.IBAN

UK.OBIE.Paym is not supported, in line with Pay.UK removing the service in March 2023.

UK.OBIE.Wallet is not supported.
/domestic-vrp-consents

Consents can be set up no more than 31 days in the future.

ValidFromDateTime cannot occur more than 31 days in the future.

Where no date is provided, then creation date will be used to determine consent is active.

ValidToDateTime cannot be the same date as consent request and must fall after ValidFromDateTime.

Where no date is provided, then consent will remain active until a point customer takes an action to revoke or delete consent.
/domestic-vrp-consents

Risk – Contract Present Indicator

OBRisk block will only accept the correct spelling for Contract Present Indicator field. Any requests received with the incorrect spelling will result in an error response.

Risk – Delivery Address

Country Code and Town Name are required if Risk Delivery Address details are provided.
/domestic-vrp-consents
/funds-confirmation
/domestic-vrps

Amount fields support up to 2 decimal places only.

Requests sent where the amount field exceeds 2 decimal places will result in error response.

Consents:

  • MaximumIndividualAmount.Amount
  • PeriodLimits.Amount

Consent funds-confirmation:

  • InstructedAmount.Amount

Payments:

  • Instruction.InstructedAmount.Amount
/domestic-vrp-consents

Control Parameter Exceptions.

Consent request can support up to six instances of Period Limits within one request, however the period type cannot be duplicated within that same consent request.

The combination of Period Type of Fortnight and Period Alignment of Calendar cannot be supported. Requests with this combination will result in an error response.

Consent requests that contain Period Alignment of Calendar will have the amount pro-rated for the first and last period.

Do not accept Maximum Individual Amount value as less than £1.00.
/funds-confirmation

Reference details must match.

A funds confirmation request must include the same reference as provided in the original consent request. The request will be rejected if this is not provided or does not match.
/payment-details

Endpoints not supported.

The implementation for Variable Recurring Payments does not support optional endpoint in the API specification:

GET /domestic-vrps/{DomesticVRPId}/payment-details
/domestic-vrp-consents
/funds-confirmation
/domestic-vrps

Characters Sets for Variable Recurring Payments

String fields are restricted to specific character sets and special characters are not allowed. Any special characters sent in the request may not be propagated to onward payment records and may result in an error response.
/domestic-vrp-consents/{ConsentId}

v4.0 Migration of v3.x long-lived consents to v4.0

To allow the longevity of the long-lived consents of users that were created in previous API versions v3.x, a PUT operation can be performed to migrate the consent to support Variable Recurring Payment submission in v4.0.

It is not possible to submit a payment in v4.0 with a long-lived consent created in previous API versions v3.x.

PATCH operation is currently not supported.
/domestic-vrp-consents/{ConsentId}

v4.0 Migration of v3.x long-lived consents to v4.0-Request Body

The entire Request body and Headers must be updated as part of the PUT operation, including fields that are not changing. The consent request body may not be modified. The information provided in the older API version (v3.x) must be identical to the one being provided in the Request body to be migrated to v4.0
/domestic-vrp-consents/{ConsentId}

v4.0 Migration of v3.x long-lived consents to v4.0 – Payment Context Codes

The Payment Context Code “PartytoParty” will be deprecated in v4.0. For any consents with this Payment Context Code or any Payment Context Code that is invalid in v4.0, the TPP is required to initiate a new consent.

PAYMENT INITIATION ERROR SCENARIOS

Header Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response v3.1.x Expected TPP Action
TPP attempts to use POST operation with invalid details in the header

Http Status: 400

ErrorCode: U006

Message: UK.OBIE.Header.Invalid - x-fapi-customer-last-logged-time is not in a valid format

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Header.Invalid

Message: x-fapi-customer-last-logged-time is not in a valid format

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message.
TPP attempts to use POST operation with header details missing

Http Status: 400

ErrorCode: U007

Message: UK.OBIE.Header.Missing - x-idempotency-key is missing in the request

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Header.Invalid

Message: x-idempotency-key is missing in the request

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message.
TPP attempts to use POST operation with the same idempotency key after 24 hours

Http Status: 409

ErrorCode: U029

Message :
Resource with same parameters already exists or in a state that doesn't allow requested operation

Http Status: 400

Code: 409 ResourceAlreadyExists

Message: ResourceAlreadyExists

Error Code: UK.OBIE.Rules.ResourceAlreadyExists

Message:Resource with same parameters already exists or in a state that doesn't allow requested operation

Idempotency supported for 24-hour period.

After 24 hours a new request should be created.

Signature Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response v3.1.x Expected TPP Action
TPP attempts to use POST operation with signature details missing

Http Status: 409

ErrorCode: U019

Message :UK.OBIE.Signature.Missing - x-jws-signature is missing in the header

Http Status: 400

Code: 400

Message: Signature missing

Error Code: UK.OBIE.Signature.Missing

Message: x-jws-signature is missing in the header

Re-attempt POST operation with a valid signature included.

Corrective action required is provided in Error message. For example:

Message: x-jws-signature is missing in the header
TPP attempts to use POST operation with invalid details in the signature

Http Status: 400

ErrorCode: U015

Message :UK.OBIE.Signature.Invalid - x-jws-signature in the header is invalid

Http Status: 400

Code: 400

Message: Signature invalid

Error Code: UK.OBIE.Signature.Invalid

Message: x-jws-signature in the header is invalid

 Re-attempt POST operation with a valid signature
TPP attempts to use POST operation with a malformed signature

Http Status: 400

ErrorCode: U018

Message :x-jws-signature in the header was malformed

Http Status: 400

Code: 400

Message: Signature malformed

Error Code: UK.OBIE.Signature.I

Message: x-jws-signature in the header was malformed

 Re-attempt POST operation with a valid signature

Request Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response v3.1.x Expected TPP Action
TPP attempts to set up a payment consent with mandatory field(s) missing from the request payload.

Http Status: 400

ErrorCode: U004

Message :UK.OBIE.Field.Missing - Amount is missing in the request

Path: Data.Initiation.InstructedAmount.Amount

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Field.Missing

Message: Amount is missing in the request

Path: Data.Initiation.InstructedAmount.Amount

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.
TPP attempts to set up a payment consent with invalid details provided in the request payload.

Http Status: 400

ErrorCode: U002

Message :UK.OBIE.Field.Invalid - PaymentContextCode is not in a valid format

Path: Risk.PaymentContextCode

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Field.Invalid

Message: PaymentContextCode is not in a valid format

Path: Risk.PaymentContextCode

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.
TPP attempts to access a payment consent resource with an invalid consent id.

Http Status: 400

ErrorCode: U011

Message :UK.OBIE.Resource.NotFound - Consent Id not found

Http Status: 400

Code: 400 BadRequest

Message: Resource not found

Error Code: UK.OBIE.Resource.NotFound

Message: Consent Id not found

Reattempt with a valid Consent ID.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.
TPP attempts to set up a payment consent for a date in the past.

Http Status: 400

ErrorCode: U003

Message :UK.OBIE.Field.InvalidDate - CompletionDateTime is not in a valid format

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Field.InvalidDate

Message: CompletionDateTime is not in a valid format

Path: Data.Authorisation.CompletionDateTime

Create a new consent using a POST operation.

Take the PSU through an authentication journey.
TPP attempts to set up a payment consent with a future date that is not supported.

Http Status: 400

ErrorCode: U003

Message : UK.OBIE.Field.InvalidDate - RequestedExecutionDateTime cannot be more than 31 days in the future

Path: Data.Initiation.RequestedExecutionDateTime

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Field.InvalidDate

Message: RequestedExecutionDateTime cannot be more than 31 days in the future

Path: Data.Initiation.RequestedExecutionDateTime

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

Valid future dates expected are documented in Implementation Guide.
TPP attempts to set up a payment consent with a scheme that is not supported.

Http Status: 400

ErrorCode: U027

Message : UK.OBIE.Unsupported.Scheme - SchemeName value is not supported

Path: Data.Initiation.CreditorAccount.SchemeName

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Unsupported.Scheme

Message: SchemeName value is not supported

Path: Data.Initiation.CreditorAccount.SchemeName

Create a consent using a POST operation with a payment scheme that is supported.

Take the PSU through an authentication journey.

Payment journeys supported are documented in Implementation Guide.
TPP attempts to set up a payment consent with a Local Instrument that is not supported.

Http Status: 400

ErrorCode: U026

Message : UK.OBIE.Unsupported.LocalInstrument - LocalInstrument value is not supported

Path: Data.Initiation.LocalInstrument

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Unsupported.LocalInstrument

Message: LocalInstrument value is not supported

Path: Data.Initiation.LocalInstrument

Create a consent using a POST operation with a Local Instrument that is supported.

Take the PSU through an authentication journey.

Payment journeys supported are documented in Implementation Guide.
TPP attempts to set up a payment consent with a currency that is not supported.

Http Status: 400

ErrorCode: U023

Message : UK.OBIE.Unsupported.Currency - Currency value is not supported

Path: Data.Initiation.InstructedAmount.Currency

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Unsupported.Currency

Message: Currency value is not supported

Path: Data.Initiation.InstructedAmount.Currency

Create a new payment order consent using a POST operation with a currency that is supported.

Take the PSU through an authentication journey.

Currencies supported are documented in Implementation Guide.
TPP attempts to set up a payment consent with an Account Identifier that is not supported for the payment journey.

Http Status: 400

ErrorCode: U021

Message : UK.OBIE.Unsupported.AccountIdentifier - Identification value is not supported

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Unsupported.AccountIdentifier

Message: Identification value is not supported

Create a new payment consent using a POST operation with an Account Identifier that is supported by the payment journey.

Take the PSU through an authentication journey.

Supported Account Identifiers for payment journeys are documented in Implementation Guide.

TPP attempts to submit payment order using a Consent ID that has an invalid consent status.

Sub-scenario: The underlying consent is status is set to ‘RJCT’(Rejected) or ‘AWAU’(AwaitingAuthorisation)

Http Status: 400

ErrorCode: U009

Message : UK.OBIE.Resource.InvalidConsentStatus - Invalid consent status

Http Status: 400

Code: 400 BadRequest

Message: Invalid consent status

Error Code: UK.OBIE.Resource.InvalidConsentStatus

Message: Invalid consent status

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to submit payment order using details that do not match the Consent resource.

Http Status: 400

ErrorCode: U008

Message : UK.OBIE.Resource.ConsentMismatch - Initiation data does not match the consent

Http Status: 400

Code: 400 BadRequest

Message: Consent Mismatch

Error Code: UK.OBIE.Resource.ConsentMismatch

Message: Initiation data does not match the consent

Re-attempt POST operation with details that match consent resource.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.
TPP attempts to set up a payment consent with an unexpected field in the request payload

Http Status: 400

ErrorCode: U005

Message :UK.OBIE.Field.Unexpected - Unexpected field received in the request

Http Status: 400

Code: 400 BadRequest

Message: Invalid request parameters

Error Code: UK.OBIE.Field.Unexpected

Message: Unexpected field received in the request

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.

TPP Create a consent in Newer version and use it on previous version

(If the consent is created in 4.0 and TPP calls 3.1.x resource)

 Http Status: 403 NA

Retry with resource endpoints on same API version as consent
ASPSP downstream services or server is down.

Http Status: 400

ErrorCode: U000

Message :UK.OBIE.UnexpectedError - Due to a technical problem, the request cannot be completed at this moment

Http Status: 500

Code: 500 UnexpectedError

Message: Unexpected error

Error Code: UK.OBIE.UnexpectedError

Message: Due to a technical problem, the request cannot be completed at this moment

 Retry Later.

VARIABLE RECURRING PAYMENTS ERROR SCENARIOS

Header Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response Expected TPP Action

TPP attempts to use POST operation with invalid details in the header

HTTP Status - 400

ErrorCode: U006,

Message: UK.OBIE.Header.Invalid - <header name> is not in a valid format.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Header.Invalid

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message.
For example:

Message: x-fapi-customer-last-logged-time is invalid

TPP attempts to use POST operation with header details missing

HTTP Status - 400

ErrorCode: U007,

Message: UK.OBIE.Header.Missing - <header name> is missing in the request.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Header.Missing

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message. For example:

Message: x-idempotency-key is missing in the request

TPP attempts to use POST operation with the same idempotency key after 24 hours

HTTP Status - 400

ErrorCode: U029,

Message: UK.OBIE.Rules.ResourceAlreadyExists – Resource already exists.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Rules.
ResourceAlreadyExists

Error Type:
ResourceAlreadyExists

Idempotency supported for 24-hour period.

After 24 hours a new request should be created.

Signature Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response Expected TPP Action

TPP attempts to use POST operation with signature details missing

HTTP Status - 400

ErrorCode: U019,

Message: UK.OBIE.Signature.Missing – The Signature details are missing.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Missing

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature included

Corrective action required is provided in Error message. For example:

Message: x-jws-signature is missing in the header

TPP attempts to use POST operation with invalid details in the signature

HTTP Status - 400

ErrorCode: U015,

Message: UK.OBIE.Signature.Invalid – The Signature details are invalid.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Invalid

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

TPP attempts to use POST operation with a malformed signature

HTTP Status - 400

ErrorCode: U018,

Message: UK.OBIE.Signature.Malformed – The Signature details are malformed.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Malformed

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

Request Error Responses

Scenario Expected ASPSP Response v4.0 Expected ASPSP Response Expected TPP Action

TPP attempts to set up a vrp consent with mandatory field(s) missing from the request payload.

HTTP Status - 400

ErrorCode: U004

Message: UK.OBIE.Field.Missing - <field name> is missing in the request.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.Missing

Error Type:
Invalid request parameters

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message. For example:

Message: Amount is missing in the request

Path: Data.ControlParameters.MaximumIndividualAmount.Amount

TPP attempts to set up a vrp consent with invalid details provided in the request payload.

HTTP Status - 400

ErrorCode: U002

Message: UK.OBIE.Field.Invalid - <field name> is not in a valid format.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.Invalid

Error Type:
Invalid request parameters

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.
For example:

Message: PaymentContextCode is not in a valid format.

Path: Risk.PaymentContextCode

TPP attempts to set up a vrp consent with dates that are not supported.

HTTP Status - 400

ErrorCode: U003,

Message: UK.OBIE.Field.InvalidDate - <field name> cannot be in the past.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.InvalidDate

Error Type:
Invalid request parameters

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

Exception rules for accepted dates are documented in Implementation Guide.

TPP attempts to set up a vrp consent with a currency that is not supported.

HTTP Status - 400

ErrorCode: U023,

Message: UK.OBIE.Unsupported.Currency - <field name> value is not supported.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Unsupported.Currency

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation with a currency that is supported.

Take the PSU through an authentication journey.

TPP attempts to access a vrp consent resource that has been deleted or unknown.

HTTP Status - 400

ErrorCode: U011,

Message: UK.OBIE.Resource.NotFound - Consent does not exist.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.NotFound

Error Type:
Resource not found

Reattempt with a valid Consent ID.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to access a vrp consent resource that is expired.

HTTP Status - 400

ErrorCode: U009,

Message: UK.OBIE.Resource.InvalidConsentStatus - "Consent has expired."

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.
InvalidConsentStatus

Error Type:
Invalid consent status

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to use a vrp consent resource where the access has been revoked.

HTTP Status - 401

ErrorCode: U009,

Message: UK.OBIE.Resource.InvalidConsentStatus - Consent access is not allowed. Try again later.

Http Status: 401 Unauthorized

Error Code:
UK.OBIE.Resource.
InvalidConsentStatus

Error Type:
Unauthorized

Take the PSU through the re-authentication journey.

TPP attempts to access a vrp payment resource that is unknown.

HTTP Status - 400

ErrorCode: U011

Message: UK.OBIE.Resource.NotFound - Consent Id not found.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.NotFound

Error Type:
Resource not found

Reattempt with a valid DomesticVRPID.

TPP attempts to access a vrp consent resource to make a payment that breaches control parameters set in the consent.

HTTP Status - 400

ErrorCode: U014

Message: UK.OBIE.Rules.FailsControlParameters

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Rules.
FailsControlParameters

Error Type:
Invalid request parameters

Create a new request using a POST operation within the control parameters.

TPP attempts to access a vrp consent resource to do a funds-confirmation check or make a payment and the details do not match the consent.

HTTP Status - 400

ErrorCode: U008,

Message: UK.OBIE.Resource.ConsentMismatch - <field name> does not match the value in the URL.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.
ConsentMismatch

Error Type:
Invalid request parameters

Create a new request using a POST operation with a valid payload that matches the consent.

ASPSP downstream services or server is down.

HTTP Status - 500

ErrorCode: U000

Message: UK.OBIE.UnexpectedError - Due to a technical problem, the request cannot be completed.

Http Status: 500 UnexpectedError

Error Code:
UK.OBIE.UnexpectedError

ErrorType:
UnexpectedError

Retry Later.

Migration of Consent using PUT Error scenarios

Scenario Expected ASPSP Response v4.0 Expected TPP Action

Consent has already been migrated

HTTP Status - 400

ErrorCode: U029

Message: UK.OBIE.Rules.ResourceAlreadyExists - This consent has already been migrated.

TPP should make requests in v4.0.

Payment Context Code not valid in v4.0

HTTP Status - 400

ErrorCode: U002

Message: UK.OBIE.Field.Invalid- The PaymentContextCode is invalid. Please provide a valid PaymentContextCode or re-authenticate.

TPP should create a new consent in v4.0.

v3.1.10 consent has expired

HTTP Status - 400

ErrorCode: U009

Message: UK.OBIE.Resource.InvalidConsentStatus - Resource cannot be found.

TPP should create a new consent in v4.0.

v3.1.10 consent is invalid

HTTP Status - 400

ErrorCode: U009

Message: UK.OBIE.Resource.InvalidConsentStatus - Resource is not valid.

TPP should create a new consent in v4.0.

Payment submission attempt in v4.0 with v3.1.10 consent

HTTP Status - 403

ErrorCode: U002

Message: UK.OBIE.Field.Invalid - This action is not valid. Please migrate the old consent to comply with this API version.

TPP should migrate the old consent to v4.0 or submit the payment in the respective API version.

AGGREGATED POLLING

The OBIE have defined an Aggregated Polling API (POST /events) which allows an ASPSP to aggregate and deliver multiple signed event notifications to TPPs through the use of polling. The POST /events endpoint allows a TPP to poll and acknowledge and receive event notifications.

  • The POST method allows the TPP to transmit their polling parameters and event notification acknowledgements.

  • The ASPSP responds accordingly, sending event notifications as indicated by the TPPs polling parameters.

  • The Supported scope of Aggregated Polling is accounts, fundsconfirmations, payments.

This detail should be read in conjunction with Open Banking Specifications and our API Products

  • Aggregated Polling API Specification can be found here

  • API Products can be found here

AGGREGATED POLLING VARIATIONS

The Table lists down the Exceptions implemented for Aggregated Polling API :

SNo Endpoints Description
1 /events
Revoked consent

The LBG Aggregated Polling API returns event notifications for revoked consents only
2 /events
Long Polling

Long polling is not supported as described within the OBIE specification – see ‘Polling Parameters’.
3 /events
API Sign Response

The response from the LBG Aggregated Polling API signs the whole response and not individual event notifications
4 /events
Event Recycling Frequency

Lloyds Banking Group used JTIs to send event notifications. A unique JTI is generated each time the TPP calls the Aggregated Polling API. JTIs do not expire
5 /events
Polling Frequency

Lloyds Banking Group will restrict each TPP App to calling the Aggregated Polling API 10 times within 24 hours for each brand, e.g. a TPP may call the Lloyds Aggregated Polling API 10 times, and the Halifax endpoint 10 times within the same 24 hours
6 /events
Polling parameters

Lloyds Banking Group will return up to 150 event notifications for every Aggregated Polling call made by the TPP.
7 /events
TPP Registration of the Lloyds Banking GroupAggregated Polling API

If you are a new TPP currently on-boarding then you will be automatically registered to the Aggregated Polling API. If you are an existing TPP then you will be required to follow the instructions in section 2 of this document to use the Aggregated Polling API.
8 /events
Operating without acknowledgements

The LBG Aggregated Polling API returns event notifications for revoked consents only
Prev Next

How to register using DCR

This section applies to TPPs who are already registered with the OBIE and have a login for the OBIE directory

  1. Certificate Signing Request (CSR) is needed to generate an SSA. Please refer to the Open Banking documentation on how to create CSRs.

  2. After creating the CSR, retain the private keys and upload only the CSR to the Open Banking portal to generate the certificates.

  3. Follow the OBIE Confluence page to generate the SSA

This applies to all TPPs who are not yet registered with OBIE, but are in possession of eIDAS certificates.

  1. For those TPPs who are not registered with Open Banking, OBIE has provided APIs to do a soft onboarding, which can be used to generate an SSA which must be used during LBG dynamic client registration.

  2. The SSA is a JSON Web Token (JWT) containing client metadata about an instance of TPP client software. The JWT is issued and signed by the Open Banking Directory.

  3. The SSA's Lifetime / Validity period is not defined by Open Banking. ASPSPs in the Open Banking ecosystem are required to implement pragmatic time ranges in which to accept an SSA.

  4. LBG has set the SSA validity to 24 hours for use in dynamic registration.

The APIs exposed by OBIE to register and generate an SSA are documented here

 

Please find the below typical steps to register with OBIE through directory services

 

1 2 3 4 5 6 7 8
 
Enroll your organization onto the Open Banking Directory through Directory Services 2.0. Only TPPs can use this enrolment endpoint, so please set OrganizationType to tpp POST /organization/{OrganizationType} Update the business or the technical contacts for the given organization. This is required for the LBG to create an user while creating an application. PUT /organization/{OrganizationType}/{OrganizationId} /contact/{ContactType} Create a software statement on the directory POST /organization/{OrganizationType}/{OrganizationId} /software-statement Update a software statement (if needed) PUT /organization/{OrganizationType}/{OrganizationId} /software-statement Upload your eIDAS QSEAL against your organization. If OrganizationCertificateType is set to QWAC or QSEAL then the PEM file should contain a QWAC or a QSEAL certificate respectively. POST/organization/ {OrganizationType}/{OrganizationId}/certificate/ {OrganizationCertificateType} Associate/de-associate a QSEAL certificate with the given software statement PUT/organization/ {OrganizationType}/{OrganizationId}/software-statement/ {SoftwareStatementId}/certificate/{OrganizationAssociativeCertificateType} /{CertificateOrKeyId} Generate a Software Statement Assertion for the given SoftwareStatementID (LBG will accept SSAs generated within last 24 hours). GET/organization/{OrganizationType}/{OrganizationId} /software-statement/{SoftwareStatementId}/software- statement-assertion If you have any further questions about your enrolment request please contact Open Banking: by emailing servicedesk@openbanking.org.uk

The /register endpoint should be called with the appropriate request body and appropriate transport certificate.

  1. The register endpoint accepts a single jws string as its payload body.
  2. The claims that should form part of the jws body are described by the OBIE dynamic registration data model
  3. Include the SSA that was acquired from OBIE in the claims of the request object.
  4. The main validation checks that will be performed on the request object are detailed below
  5. SSA contained in the request object should be used within 24 hrs of its issue time, when the dynamic registration request is made.
  6. The scope in the request object should conform to the roles available in the SSA or a subset of them.
  7. The request object and the SSAs signature will be validated using the appropriate public certificates.
  8. Distinguished name (certificate subject) of the transport certificate will be validated against the information contained in the SSA.
  9. The response structure will conform to the OBIE specification as specified in their swagger contract
  10. The important information from the response that should be retained for future use is the client_id and client_secret.
  11. All request object validation failures will result in HTTP 400 error with a short description in the body.

 

Open Banking Client Registration Request Payload

eyJraWQiOiI3QXdIWFQ0TGJ6N3JiNnNXSkJoemZZV3l5V1EiLCJhbGciOiJQUzI1NiIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJ0eXAiOiJKT1NFIn0.eyJpc3MiOiIxeEZrUmNpcU9IbkJXak9VdWl1eXRpIiwiYXVkIjoib3BlbmJhbmtpbmdsbG95ZHMiLCJqdGkiOiIyZWI5NjAyMS1mZDliLTQ2NWEtYTRhNi1mNmY1NWZhMzY5MmYiLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20iXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJ0bHNfY2xpZW50X2F1dGgiLCJncmFudF90eXBlcyI6WyJhdXRob3JpemF0aW9uX2NvZGUiLCJjbGllbnRfY3JlZGVudGlhbHMiXSwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJzdWJqZWN0X3R5cGUiOiJwdWJsaWMiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlFVekkxTmlJc0ltdHBaQ0k2SWpKNWIwOUxMVkpJYmxkaE1EZEhVWFF0T1ZkcVZHRmhaV0l6UzJKZmVFaE1PR0phU1ZCb1NrbEZVMWs5SWl3aWRIbHdJam9pU2xkVUluMC5leUpwYzNNaU9pSlBjR1Z1UW1GdWEybHVaeUJNZEdRaUxDSnBZWFFpT2pFMk9UVTFOemd5Tmpnc0ltcDBhU0k2SWpjMlptSXlOakF5Tm1SaVlqUTFNVFVpTENKemIyWjBkMkZ5WlY5bGJuWnBjbTl1YldWdWRDSTZJbkJ5YjJSMVkzUnBiMjRpTENKemIyWjBkMkZ5WlY5dGIyUmxJam9pVEdsMlpTSXNJbk52Wm5SM1lYSmxYMmxrSWpvaWJUSnFla3RCTnpkYWRqZFNjVFYyUkdWbmVubExTQ0lzSW5OdlpuUjNZWEpsWDJOc2FXVnVkRjlwWkNJNkltMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGdpTENKemIyWjBkMkZ5WlY5amJHbGxiblJmYm1GdFpTSTZJbEJ5YjJSMVkzUnBiMjRnUlhwdmNtOGdRWEJ3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJSbGMyTnlhWEIwYVc5dUlqb2lWRzhnWW1VZ2RYTmxaQ0JtYjNJZ2JtVjNJRlpOSUVWNmIzSnZJRUZ3Y0hNaUxDSnpiMlowZDJGeVpWOTJaWEp6YVc5dUlqb2lNUzR3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDNWeWFTSTZJbWgwZEhCek9pOHZaR1YyWld4dmNHVnlMbXhzYjNsa2MySmhibXRwYm1jdVkyOXRMeUlzSW5OdlpuUjNZWEpsWDNKbFpHbHlaV04wWDNWeWFYTWlPbHNpYUhSMGNITTZMeTloY0hCc2RYWXdPVGxrTG0xaFkyaHBibVV1WjNKdmRYQTZNVEF3TlRBdmNtVmthWEpsWTNRaUxDSm9kSFJ3Y3pvdkwyRndjR3gxZGpBMk4yUXViV0ZqYUdsdVpTNW5jbTkxY0RveE1EQTFNQzl5WldScGNtVmpkQ0lzSW1oMGRIQnpPaTh2WVhCd2RIVjJNRFJpWmk1dFlXTm9hVzVsTG5SbGMzUXVaM0p2ZFhBNk1UQXdOVEF2Y21Wa2FYSmxZM1FpTENKb2RIUndjem92THpFeU55NHdMakF1TVRvNE5EUXpMMk52Ym1admNtMWhibU5sYzNWcGRHVXZZMkZzYkdKaFkyc2lMQ0pvZEhSd2N6b3ZMMlJsZG1Wc2IzQmxjaTVzYkc5NVpITmlZVzVyYVc1bkxtTnZiU0pkTENKemIyWjBkMkZ5WlY5eWIyeGxjeUk2V3lKQlNWTlFJaXdpVUVsVFVDSXNJa05DVUVsSklsMHNJbTl5WjJGdWFYTmhkR2x2Ymw5amIyMXdaWFJsYm5SZllYVjBhRzl5YVhSNVgyTnNZV2x0Y3lJNmV5SmhkWFJvYjNKcGRIbGZhV1FpT2lKR1EwRkhRbElpTENKeVpXZHBjM1J5WVhScGIyNWZhV1FpT2lJeE1Ua3lOemdpTENKemRHRjBkWE1pT2lKQlkzUnBkbVVpTENKaGRYUm9iM0pwYzJGMGFXOXVjeUk2VzNzaWJXVnRZbVZ5WDNOMFlYUmxJam9pUjBraUxDSnliMnhsY3lJNld5SlFTVk5RSWl3aVFVbFRVQ0lzSWtOQ1VFbEpJaXdpUVZOUVUxQWlYWDBzZXlKdFpXMWlaWEpmYzNSaGRHVWlPaUpIUWlJc0luSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJaXdpUVZOUVUxQWlMQ0pEUWxCSlNTSmRmVjE5TENKemIyWjBkMkZ5WlY5c2IyZHZYM1Z5YVNJNkltaDBkSEJ6T2k4dlpHVjJaV3h2Y0dWeUxteHNiM2xrYzJKaGJtdHBibWN1WTI5dEx5SXNJbTl5WjE5emRHRjBkWE1pT2lKQlkzUnBkbVVpTENKdmNtZGZhV1FpT2lJd01ERTFPREF3TURBd2FtWTVSMmRCUVVraUxDSnZjbWRmYm1GdFpTSTZJa3hzYjNsa2N5QkNZVzVySUZCTVF5SXNJbTl5WjE5amIyNTBZV04wY3lJNlczc2libUZ0WlNJNklsUmxZMmh1YVdOaGJDSXNJbVZ0WVdsc0lqb2lUMEpTWlhOd2IyNXpaWFJsWVcxQWJHeHZlV1J6WW1GdWEybHVaeTVqYjIwaUxDSndhRzl1WlNJNklpZ3JORFFwSURjM01EWWdNRFl6SURNNE1TSXNJblI1Y0dVaU9pSlVaV05vYm1sallXd2lmU3g3SW01aGJXVWlPaUpDZFhOcGJtVnpjeUlzSW1WdFlXbHNJam9pVDBKU1pYTndiMjV6WlhSbFlXMUFiR3h2ZVdSelltRnVhMmx1Wnk1amIyMGlMQ0p3YUc5dVpTSTZJaWdyTkRRcElEYzRPREFnTVRNNElEUTFNQ0lzSW5SNWNHVWlPaUpDZFhOcGJtVnpjeUo5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwydGxlWE4wYjNKbExtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OHdNREUxT0RBd01EQXdhbVk1UjJkQlFVa3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnZjbWRmYW5kcmMxOXlaWFp2YTJWa1gyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMM0psZG05clpXUXZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVp5NXZjbWN1ZFdzdk1EQXhOVGd3TURBd01HcG1PVWRuUVVGSkwyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYMnAzYTNOZmNtVjJiMnRsWkY5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtY3ViM0puTG5Wckx6QXdNVFU0TURBd01EQnFaamxIWjBGQlNTOXlaWFp2YTJWa0wyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDJSbGRtVnNiM0JsY2k1c2JHOTVaSE5pWVc1cmFXNW5MbU52YlM4aUxDSnpiMlowZDJGeVpWOTBiM05mZFhKcElqb2lhSFIwY0hNNkx5OWtaWFpsYkc5d1pYSXViR3h2ZVdSelltRnVhMmx1Wnk1amIyMHZJaXdpYzI5bWRIZGhjbVZmYjI1ZlltVm9ZV3htWDI5bVgyOXlaeUk2Ym5Wc2JIMC5zamVSWUU4SGMtNG5OSEhqd2VKMDh5Um90QTdad3cteE1jRF83UmhuZkRiQjRGV0dxYlpBNlNwVWZzWko0MkZybUJfZTBWTHlFWUlxamYxSGlOQ2FtXzhSanF6c0htR1lDTlZKbWJVaXhRNDB3akJLR2tBd0Z1OV9pX1NqeVBMeUZyNnRfcHk3RWprQ256ZmZmUVhMcDI4NFZyaHlxT1k3RUp0TlRSb0Y3b1NLcWlkZkJkU3RyN1NvRGpqX1c2WHI4QXRJUmhnbl9kcEFwVVZkSF9JQ0FzWXRQQmZsMEZHRVNsWE50azliLUxoZ0hOenZnWTNTNXV0RVdES2txN0dFdmdLTVRkakxjTTRiSDBqSk8xU2hHcVdwVVpkOVdrYVEwS29pWncxVkR2ZU1iSENYU184ejlxLVI1Z195QnJfSXVxaFVlY0lBLURud0NXVU5IdzJlb1EiLCJzb2Z0d2FyZV9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2IiwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGciOiJQUzI1NiIsInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInRsc19jbGllbnRfYXV0aF9zdWJqZWN0X2RuIjoiL0M9R0IvTz1MbG95ZHMgQmFuayBQTEMvb3JnYW5pemF0aW9uSWRlbnRpZmllcj1QU0RHQi1GQ0EtMTE5Mjc4L0NOPTAwMTU4MDAwMDBqZjlHZ0FBSSIsImlhdCI6MTY5NTY0MjcwNDAxOCwiZXhwIjoxNjk1NjQyNzA3NjE4fQ.qu3VEo2cqbNN-zNPM3BxlSgHeJTLqQU4h7F_6tqd8A14O_svnfUKss4ZYBktnqNaez8d6dlDPT8Qj8H9vyqvIcwSpGPnFaFVi7num1dRC52BNXeK5zoceocJM5A2IwPllS6xK67GKhPjfXWQcK7oo6Tp-v76s9TrIK-uTNd5QfgdnFOG5mO8RihgtFKxFXdhAEk-aPlQwjapElNwpnLSkGeAyBgnWoUinrv1Q5pJ3zPUbDN_aiNLcI_GKnA9Ktglp12xXzCixGlUpmbmiTwjzs8ov1Gfowc74rHpkZ3AqZmmuV7NrsMQY3MmHBEW37eI2lGSrn9KXnNKJ5yYC8T8OA

{ "iss": "1xFkRciqOHnBWjOUuiuyti", "aud": "openbankinglloyds", "jti": "2eb96021-fd9b-465a-a4a6-f6f55fa3692f", "response_types": [ "code id_token" ], "redirect_uris": [ "https://developer.lloydsbanking.com" ], "token_endpoint_auth_method": "tls_client_auth", "grant_types": [ "authorization_code", "client_credentials" ], "scope": "openid accounts", "subject_type": "public", "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjJ5b09LLVJIbldhMDdHUXQtOVdqVGFhZWIzS2JfeEhMOGJaSVBoSklFU1k9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2OTU1NzgyNjgsImp0aSI6Ijc2ZmIyNjAyNmRiYjQ1MTUiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX2lkIjoibTJqektBNzdadjdScTV2RGVnenlLSCIsInNvZnR3YXJlX2NsaWVudF9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IlByb2R1Y3Rpb24gRXpvcm8gQXBwIiwic29mdHdhcmVfY2xpZW50X2Rlc2NyaXB0aW9uIjoiVG8gYmUgdXNlZCBmb3IgbmV3IFZNIEV6b3JvIEFwcHMiLCJzb2Z0d2FyZV92ZXJzaW9uIjoiMS4wIiwic29mdHdhcmVfY2xpZW50X3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9hcHBsdXYwOTlkLm1hY2hpbmUuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovL2FwcGx1djA2N2QubWFjaGluZS5ncm91cDoxMDA1MC9yZWRpcmVjdCIsImh0dHBzOi8vYXBwdHV2MDRiZi5tYWNoaW5lLnRlc3QuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovLzEyNy4wLjAuMTo4NDQzL2NvbmZvcm1hbmNlc3VpdGUvY2FsbGJhY2siLCJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbSJdLCJzb2Z0d2FyZV9yb2xlcyI6WyJBSVNQIiwiUElTUCIsIkNCUElJIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJGQ0FHQlIiLCJyZWdpc3RyYXRpb25faWQiOiIxMTkyNzgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0kiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIiwiQVNQU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJHQiIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIiwiQVNQU1AiLCJDQlBJSSJdfV19LCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAwamY5R2dBQUkiLCJvcmdfbmFtZSI6Ikxsb3lkcyBCYW5rIFBMQyIsIm9yZ19jb250YWN0cyI6W3sibmFtZSI6IlRlY2huaWNhbCIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc3MDYgMDYzIDM4MSIsInR5cGUiOiJUZWNobmljYWwifSx7Im5hbWUiOiJCdXNpbmVzcyIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc4ODAgMTM4IDQ1MCIsInR5cGUiOiJCdXNpbmVzcyJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5nLm9yZy51ay8wMDE1ODAwMDAwamY5R2dBQUkvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL3Jldm9rZWQvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX2p3a3NfcmV2b2tlZF9lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmcub3JnLnVrLzAwMTU4MDAwMDBqZjlHZ0FBSS9yZXZva2VkL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbS8iLCJzb2Z0d2FyZV90b3NfdXJpIjoiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20vIiwic29mdHdhcmVfb25fYmVoYWxmX29mX29yZyI6bnVsbH0.sjeRYE8Hc-4nNHHjweJ08yRotA7Zww-xMcD_7RhnfDbB4FWGqbZA6SpUfsZJ42FrmB_e0VLyEYIqjf1HiNCam_8RjqzsHmGYCNVJmbUixQ40wjBKGkAwFu9_i_SjyPLyFr6t_py7EjkCnzfffQXLp284VrhyqOY7EJtNTRoF7oSKqidfBdStr7SoDjj_W6Xr8AtIRhgn_dpApUVdH_ICAsYtPBfl0FGESlXNtk9b-LhgHNzvgY3S5utEWDKkq7GEvgKMTdjLcM4bH0jJO1ShGqWpUZd9WkaQ0KoiZw1VDveMbHCXS_8z9q-R5g_yBr_IuqhUecIA-DnwCWUNHw2eoQ", "software_id": "m2jzKA77Zv7Rq5vDegzyKH", "application_type": "web", "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256", "token_endpoint_auth_signing_alg": "PS256", "tls_client_auth_subject_dn": "/C=GB/O=Lloyds Bank PLC/organizationIdentifier=PSDGB-FCA-119278/CN=0015800000jf9GgAAI", "iat": 1695642704018, "exp": 1695642707618 }

Introduction

Data Dictionary

Name Occurrence XPath EnhancedDefinition Class Codes Pattern Location
iss 1..1 iss Identifier for the TPP.This value must be unique for each TPP registered by the issuer of the SSA.The value must be a Base62 encoded GUID.For SSAs issued by the OB Directory, this must be the software_id String (18)   ^[0-9a-zA-Z]{1,18}$ Request only
iat 1..1 iat The time at which the request was issued by the TPP expressed as "seconds since the epoch" Integer   Unix timestamp Request only
exp 1..1 exp The time at which the request expires expressed as seconds since the epoch.An ASPSP processing the request must reject requests where the current time is greater than the time specified in the claim. Integer   Unix timestamp Request only
aud 1..1 aud The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement.An ASPSP processing the software statement may validate the value of the claim and reject software statements for which the ASPSP is not the audience.The value must be a Base62 encoded GUID. String (18)   ^[0-9a-zA-Z]{1,18}$ Request only
jti 1..1 jti A unique identifier for the JWT. The value must be a UUIDv4 GUID. String (36)   ^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$ Request only
redirect_uris 1..* redirect_uris Registered URIs the TPP will use to interact with the ASPSP AS.If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.Each of the URIs must adhere to the following rules:- The URI MUST use the https scheme- The URI MUST NOT contain a host with a value of localhost- If the request_uris metadata element is omitted from the request, the entire contents of the software_redirect_uris element in the SSA are considered to be requested by the TPP. String[] (Each string upto 256)   URL Both
token_endpoint_auth_method 1..1   Specifies which Token endpoint authentication method the TPP wants to use. private_key_jwt : if requested the OP should extract the TPPs JWKS location from the software statement assertion included. String (32) private_key_jwt tls_client_auth client_secret_basic client_secret_post   Both
grant_types 1..*   A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token String[] (32) client_credentials authorization_code   Both
response_types 0..*   A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint.ASPSPs MAY reject the request if any of the requested response_types are not supported by it (as advertised at its .well-known end-points)
Defaults to code id_token if not specified.		 String[] (32) code code id_token   Both
software_id 0..*   If specified, the software_id in the request MUST match the software_id specified in the SSA.ASPSPs can choose to allow multiple registrations for a given software statement.The Software ID must be represented as a Base62 UUID String (18)   ^[0-9a-zA-Z]{1,18}$ Both
scope 0..*   Scopes the client is asking for (if not specified, default scopes are assigned by the AS) String[] (32)     Both
software_statement 1..1   Software statement assertion issued by the issuer.The data model for the software statements issued by the Open Banking directory are documented as part of the Directory Specification.This is a encrypted value embeded inside JWT token JWS     Both
application_type 1..1     String (32) web mobile   Both
id_token_signed_response_alg 1..1   Algorithm which the TPP expects to sign the id_token, if an id_token is returned. String (5) Supported values as constrained by FAPI-RW   Both
request_object_signing_alg 1..1   Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. String (5) Supported values as constrained by FAPI-RW   Both
token_endpoint_auth_signing_alg 1..1   Algorithm which the TPP uses to authenticate with the token endpoint if using private_key_jwt or client_id_jwt String (5) Supported values as constrained by FAPI-RW   Both
tls_client_auth_subject_dn 0..1   This value must be set iff token_endpoint_auth_method is set to tls_client_auth The tls_client_auth_subject_dn claim MUST contain the DN of the certificate that the TPP will present to the ASPSP token endpoint.The ASPSP may decide to match only a part of the DN so that the match is based only on the part of the DN that will be immutable for the TPP across all EIDAS certificates issued to it. String (128)     Both
 

DCR - Create an application

The API allows the TPP to request the ASPSP to register (create) a new client.

  • curl -k --request POST \
  • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register \
  • --header 'accept: application/json' \
  • --header 'content-type: application/jose' \
  • --data 'eyJraWQiOiI3QXdIWFQ0TGJ6N3JiNnNXSkJoemZZV3l5V1EiLCJhbGciOiJQUzI1NiIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJ0eXAiOiJKT1NFIn0.eyJpc3MiOiIxeEZrUmNpcU9IbkJXak9VdWl1eXRpIiwiYXVkIjoib3BlbmJhbmtpbmdsbG95ZHMiLCJqdGkiOiIyZWI5NjAyMS1mZDliLTQ2NWEtYTRhNi1mNmY1NWZhMzY5MmYiLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20iXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJ0bHNfY2xpZW50X2F1dGgiLCJncmFudF90eXBlcyI6WyJhdXRob3JpemF0aW9uX2NvZGUiLCJjbGllbnRfY3JlZGVudGlhbHMiXSwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJzdWJqZWN0X3R5cGUiOiJwdWJsaWMiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlFVekkxTmlJc0ltdHBaQ0k2SWpKNWIwOUxMVkpJYmxkaE1EZEhVWFF0T1ZkcVZHRmhaV0l6UzJKZmVFaE1PR0phU1ZCb1NrbEZVMWs5SWl3aWRIbHdJam9pU2xkVUluMC5leUpwYzNNaU9pSlBjR1Z1UW1GdWEybHVaeUJNZEdRaUxDSnBZWFFpT2pFMk9UVTFOemd5Tmpnc0ltcDBhU0k2SWpjMlptSXlOakF5Tm1SaVlqUTFNVFVpTENKemIyWjBkMkZ5WlY5bGJuWnBjbTl1YldWdWRDSTZJbkJ5YjJSMVkzUnBiMjRpTENKemIyWjBkMkZ5WlY5dGIyUmxJam9pVEdsMlpTSXNJbk52Wm5SM1lYSmxYMmxrSWpvaWJUSnFla3RCTnpkYWRqZFNjVFYyUkdWbmVubExTQ0lzSW5OdlpuUjNZWEpsWDJOc2FXVnVkRjlwWkNJNkltMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGdpTENKemIyWjBkMkZ5WlY5amJHbGxiblJmYm1GdFpTSTZJbEJ5YjJSMVkzUnBiMjRnUlhwdmNtOGdRWEJ3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJSbGMyTnlhWEIwYVc5dUlqb2lWRzhnWW1VZ2RYTmxaQ0JtYjNJZ2JtVjNJRlpOSUVWNmIzSnZJRUZ3Y0hNaUxDSnpiMlowZDJGeVpWOTJaWEp6YVc5dUlqb2lNUzR3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDNWeWFTSTZJbWgwZEhCek9pOHZaR1YyWld4dmNHVnlMbXhzYjNsa2MySmhibXRwYm1jdVkyOXRMeUlzSW5OdlpuUjNZWEpsWDNKbFpHbHlaV04wWDNWeWFYTWlPbHNpYUhSMGNITTZMeTloY0hCc2RYWXdPVGxrTG0xaFkyaHBibVV1WjNKdmRYQTZNVEF3TlRBdmNtVmthWEpsWTNRaUxDSm9kSFJ3Y3pvdkwyRndjR3gxZGpBMk4yUXViV0ZqYUdsdVpTNW5jbTkxY0RveE1EQTFNQzl5WldScGNtVmpkQ0lzSW1oMGRIQnpPaTh2WVhCd2RIVjJNRFJpWmk1dFlXTm9hVzVsTG5SbGMzUXVaM0p2ZFhBNk1UQXdOVEF2Y21Wa2FYSmxZM1FpTENKb2RIUndjem92THpFeU55NHdMakF1TVRvNE5EUXpMMk52Ym1admNtMWhibU5sYzNWcGRHVXZZMkZzYkdKaFkyc2lMQ0pvZEhSd2N6b3ZMMlJsZG1Wc2IzQmxjaTVzYkc5NVpITmlZVzVyYVc1bkxtTnZiU0pkTENKemIyWjBkMkZ5WlY5eWIyeGxjeUk2V3lKQlNWTlFJaXdpVUVsVFVDSXNJa05DVUVsSklsMHNJbTl5WjJGdWFYTmhkR2x2Ymw5amIyMXdaWFJsYm5SZllYVjBhRzl5YVhSNVgyTnNZV2x0Y3lJNmV5SmhkWFJvYjNKcGRIbGZhV1FpT2lKR1EwRkhRbElpTENKeVpXZHBjM1J5WVhScGIyNWZhV1FpT2lJeE1Ua3lOemdpTENKemRHRjBkWE1pT2lKQlkzUnBkbVVpTENKaGRYUm9iM0pwYzJGMGFXOXVjeUk2VzNzaWJXVnRZbVZ5WDNOMFlYUmxJam9pUjBraUxDSnliMnhsY3lJNld5SlFTVk5RSWl3aVFVbFRVQ0lzSWtOQ1VFbEpJaXdpUVZOUVUxQWlYWDBzZXlKdFpXMWlaWEpmYzNSaGRHVWlPaUpIUWlJc0luSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJaXdpUVZOUVUxQWlMQ0pEUWxCSlNTSmRmVjE5TENKemIyWjBkMkZ5WlY5c2IyZHZYM1Z5YVNJNkltaDBkSEJ6T2k4dlpHVjJaV3h2Y0dWeUxteHNiM2xrYzJKaGJtdHBibWN1WTI5dEx5SXNJbTl5WjE5emRHRjBkWE1pT2lKQlkzUnBkbVVpTENKdmNtZGZhV1FpT2lJd01ERTFPREF3TURBd2FtWTVSMmRCUVVraUxDSnZjbWRmYm1GdFpTSTZJa3hzYjNsa2N5QkNZVzVySUZCTVF5SXNJbTl5WjE5amIyNTBZV04wY3lJNlczc2libUZ0WlNJNklsUmxZMmh1YVdOaGJDSXNJbVZ0WVdsc0lqb2lUMEpTWlhOd2IyNXpaWFJsWVcxQWJHeHZlV1J6WW1GdWEybHVaeTVqYjIwaUxDSndhRzl1WlNJNklpZ3JORFFwSURjM01EWWdNRFl6SURNNE1TSXNJblI1Y0dVaU9pSlVaV05vYm1sallXd2lmU3g3SW01aGJXVWlPaUpDZFhOcGJtVnpjeUlzSW1WdFlXbHNJam9pVDBKU1pYTndiMjV6WlhSbFlXMUFiR3h2ZVdSelltRnVhMmx1Wnk1amIyMGlMQ0p3YUc5dVpTSTZJaWdyTkRRcElEYzRPREFnTVRNNElEUTFNQ0lzSW5SNWNHVWlPaUpDZFhOcGJtVnpjeUo5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwydGxlWE4wYjNKbExtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OHdNREUxT0RBd01EQXdhbVk1UjJkQlFVa3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnZjbWRmYW5kcmMxOXlaWFp2YTJWa1gyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMM0psZG05clpXUXZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVp5NXZjbWN1ZFdzdk1EQXhOVGd3TURBd01HcG1PVWRuUVVGSkwyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYMnAzYTNOZmNtVjJiMnRsWkY5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtY3ViM0puTG5Wckx6QXdNVFU0TURBd01EQnFaamxIWjBGQlNTOXlaWFp2YTJWa0wyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDJSbGRtVnNiM0JsY2k1c2JHOTVaSE5pWVc1cmFXNW5MbU52YlM4aUxDSnpiMlowZDJGeVpWOTBiM05mZFhKcElqb2lhSFIwY0hNNkx5OWtaWFpsYkc5d1pYSXViR3h2ZVdSelltRnVhMmx1Wnk1amIyMHZJaXdpYzI5bWRIZGhjbVZmYjI1ZlltVm9ZV3htWDI5bVgyOXlaeUk2Ym5Wc2JIMC5zamVSWUU4SGMtNG5OSEhqd2VKMDh5Um90QTdad3cteE1jRF83UmhuZkRiQjRGV0dxYlpBNlNwVWZzWko0MkZybUJfZTBWTHlFWUlxamYxSGlOQ2FtXzhSanF6c0htR1lDTlZKbWJVaXhRNDB3akJLR2tBd0Z1OV9pX1NqeVBMeUZyNnRfcHk3RWprQ256ZmZmUVhMcDI4NFZyaHlxT1k3RUp0TlRSb0Y3b1NLcWlkZkJkU3RyN1NvRGpqX1c2WHI4QXRJUmhnbl9kcEFwVVZkSF9JQ0FzWXRQQmZsMEZHRVNsWE50azliLUxoZ0hOenZnWTNTNXV0RVdES2txN0dFdmdLTVRkakxjTTRiSDBqSk8xU2hHcVdwVVpkOVdrYVEwS29pWncxVkR2ZU1iSENYU184ejlxLVI1Z195QnJfSXVxaFVlY0lBLURud0NXVU5IdzJlb1EiLCJzb2Z0d2FyZV9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2IiwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGciOiJQUzI1NiIsInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInRsc19jbGllbnRfYXV0aF9zdWJqZWN0X2RuIjoiL0M9R0IvTz1MbG95ZHMgQmFuayBQTEMvb3JnYW5pemF0aW9uSWRlbnRpZmllcj1QU0RHQi1GQ0EtMTE5Mjc4L0NOPTAwMTU4MDAwMDBqZjlHZ0FBSSIsImlhdCI6MTY5NTY0MjcwNDAxOCwiZXhwIjoxNjk1NjQyNzA3NjE4fQ.qu3VEo2cqbNN-zNPM3BxlSgHeJTLqQU4h7F_6tqd8A14O_svnfUKss4ZYBktnqNaez8d6dlDPT8Qj8H9vyqvIcwSpGPnFaFVi7num1dRC52BNXeK5zoceocJM5A2IwPllS6xK67GKhPjfXWQcK7oo6Tp-v76s9TrIK-uTNd5QfgdnFOG5mO8RihgtFKxFXdhAEk-aPlQwjapElNwpnLSkGeAyBgnWoUinrv1Q5pJ3zPUbDN_aiNLcI_GKnA9Ktglp12xXzCixGlUpmbmiTwjzs8ov1Gfowc74rHpkZ3AqZmmuV7NrsMQY3MmHBEW37eI2lGSrn9KXnNKJ5yYC8T8OA’ \
  • --key ./private-cert.key \
  • --cert ./public-cert.pem \
  • --cacert ./root-ca.pem
{ "client_id": "f613c7b2-406b-4ddf-b15a-fdec5800110d", "client_secret": "O7cG2aN6vC3wO5fN8sW3jY2wK2cJ5iB5fF4tY3bE8oM7iI1mP8", "client_id_issued_at": 1678719693, "redirect_uris": [ "https://developer.lloydsbanking.com" ], "token_endpoint_auth_method": "client_secret_basic", "grant_types": [ "authorization_code" ], "response_types": [ "code id_token" ], "software_id": "4YWcIQpEvWxirs256qq", "scope": "openid accounts", "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjJ5b09LLVJIbldhMDdHUXQtOVdqVGFhZWIzS2JfeEhMOGJaSVBoSklFU1k9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2OTU1NzgyNjgsImp0aSI6Ijc2ZmIyNjAyNmRiYjQ1MTUiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX2lkIjoibTJqektBNzdadjdScTV2RGVnenlLSCIsInNvZnR3YXJlX2NsaWVudF9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IlByb2R1Y3Rpb24gRXpvcm8gQXBwIiwic29mdHdhcmVfY2xpZW50X2Rlc2NyaXB0aW9uIjoiVG8gYmUgdXNlZCBmb3IgbmV3IFZNIEV6b3JvIEFwcHMiLCJzb2Z0d2FyZV92ZXJzaW9uIjoiMS4wIiwic29mdHdhcmVfY2xpZW50X3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9hcHBsdXYwOTlkLm1hY2hpbmUuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovL2FwcGx1djA2N2QubWFjaGluZS5ncm91cDoxMDA1MC9yZWRpcmVjdCIsImh0dHBzOi8vYXBwdHV2MDRiZi5tYWNoaW5lLnRlc3QuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovLzEyNy4wLjAuMTo4NDQzL2NvbmZvcm1hbmNlc3VpdGUvY2FsbGJhY2siLCJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbSJdLCJzb2Z0d2FyZV9yb2xlcyI6WyJBSVNQIiwiUElTUCIsIkNCUElJIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJGQ0FHQlIiLCJyZWdpc3RyYXRpb25faWQiOiIxMTkyNzgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0kiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIiwiQVNQU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJHQiIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIiwiQVNQU1AiLCJDQlBJSSJdfV19LCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAwamY5R2dBQUkiLCJvcmdfbmFtZSI6Ikxsb3lkcyBCYW5rIFBMQyIsIm9yZ19jb250YWN0cyI6W3sibmFtZSI6IlRlY2huaWNhbCIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc3MDYgMDYzIDM4MSIsInR5cGUiOiJUZWNobmljYWwifSx7Im5hbWUiOiJCdXNpbmVzcyIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc4ODAgMTM4IDQ1MCIsInR5cGUiOiJCdXNpbmVzcyJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5nLm9yZy51ay8wMDE1ODAwMDAwamY5R2dBQUkvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL3Jldm9rZWQvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX2p3a3NfcmV2b2tlZF9lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmcub3JnLnVrLzAwMTU4MDAwMDBqZjlHZ0FBSS9yZXZva2VkL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbS8iLCJzb2Z0d2FyZV90b3NfdXJpIjoiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20vIiwic29mdHdhcmVfb25fYmVoYWxmX29mX29yZyI6bnVsbH0.sjeRYE8Hc-4nNHHjweJ08yRotA7Zww-xMcD_7RhnfDbB4FWGqbZA6SpUfsZJ42FrmB_e0VLyEYIqjf1HiNCam_8RjqzsHmGYCNVJmbUixQ40wjBKGkAwFu9_i_SjyPLyFr6t_py7EjkCnzfffQXLp284VrhyqOY7EJtNTRoF7oSKqidfBdStr7SoDjj_W6Xr8AtIRhgn_dpApUVdH_ICAsYtPBfl0FGESlXNtk9b-LhgHNzvgY3S5utEWDKkq7GEvgKMTdjLcM4bH0jJO1ShGqWpUZd9WkaQ0KoiZw1VDveMbHCXS_8z9q-R5g_yBr_IuqhUecIA-DnwCWUNHw2eoQ", "application_type": "web", "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256", "token_endpoint_auth_signing_alg": "PS256", "tls_client_auth_subject_dn": "lloyds" }
Request Param Parameter Example Value Description
URL secure-domain

OB Transport, OBWAC:https://secure-api.lloydsbank.com

OBWAC, QWAC:https://secure-api-eidas.lloydsbank.com/

Please refer to the Other Useful Information section for all brand specific domains

Certs CACert Combination of Root & Intermediate (Full chain) Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
Data Nested JWS with SSA Valid JWS token Construct the request payload as the OBIE Dynamic Client Registration V3.2
Header Requested Headers Accept headers,accept: application/json,content-type: application/jose Headers are required to construct the request.
 

Product Auto subscription and auto approval based on TPP role

If dynamic registration response completed successfully, based on the scopes sent in the request object, the appropriate API Products will be auto subscribed and auto approved and will become available for immediate consumption.

DCR - Set up Client Credentials Token

In this step you obtain an Access Token using a Client Credentials Grant Type. The access expires within 10 minutes after the generation. When an Access Token expires, you will need to re-request for another Access Token.

Authentication methods - client_secret_basic and client_secret_post

curl -k -X POST \

  • --key private-cert.key \
  • --cert public-cert.pem \
  • --cacert QTSP-root-ca.pem \
  • url{secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
  • {secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
  • --header 'cache-control: no-cache' \
  • --header 'content-type: application/x-www-form-urlencoded' \
  • --data 'grant_type=client_credentials&client_id=f613c7b2-406b-4ddf-b15a-fdec5800110d&client_secret=O7cG2aN6vC3wO5fN8sW3jY2wK2cJ5iB5fF4tY3bE8oM7iI1mP8&s cope=openId accounts'
{

"token_type": "Bearer",

"access_token": "gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6ImF0X3NpZ25fb2JqZWN0X29iX0xZRFNfY3VycmVudCJ9.eyJpc3MiOiJsbG95ZHMiLCJwcml2YXRlIjoiQUFJa1pqWXhNMk0zWWpJdE5EQTJZaTAwWkdSbUxXSXhOV0V0Wm1SbFl6VTRNREF4TVRCa3k0OTFqVXhLaW9KekkyS0gwbG1hS1U4VS11dkVnTzhiZUM4OTdvbVBObktHTlQxUm5Id3lQWlRzR0o3WlRSUG9vRUNtRy1ZZHhuTTNtWHVwdzNHaXd2OFdWN2VkS204TUFiZ2NVbS03c3hWcnhqd1RUcTdWZjdpYjZEM05RNjhpNG5RQU1XTTdPdUxVSk4tSXh0NDl0USIsImV4cCI6MTY4NjQ5NjE4ODIzMywiaWF0IjoxNjc4NzIwMTg4MjMzfQ.Uy8-QDi49Ip0pYDMZjl4R4JEUTfq2HrXQzYRepUrpDaOKU5BoIyxJLQ2jiPIemmZzvPGCUkuqx5nqVz6YqKbK_kqO1hQFSvnE2s9ma75pGignOf43CEXc1kXzUP4BVhCXyiy0gPEHiiu4R2M2hZjDeKOQRRPr5AK_68Gc-3ILZCkDCg6RgpBTVXHIuk_6LJQdZZtYYHKxjEd5RlYsBV-EvBuzZOv4Q0yP7qPCvEIQXtw1UFtGtsX7gu38_0L03u2Jv0Tq6XkAA5TEMl5SbPy16fIIkmJnbVEF6rN6llTaB-a60IdWLPQuiiY--h_FCTu5RKYmGPBOsJNrqD65EGmDA",

"expires_in": 7776000,

"consented_on": 1678720188,

"scope": "openid accounts"

}
 

Authentication method - tls_client_auth

  • curl -k -X POST \
  • --key ./private-cert.key \
  • --cert ./public-cert.pem \
  • --cacert ./ca-cert.pem \
  • url{secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \
  • --header 'accept: application/json' \
  • --header 'cache-control: no-cache' \
  • --header 'content-type: application/x-www-form-urlencoded' \
  • --data 'grant_type=client_credentials&client_id=f613c7b2-406b-4ddf-b15a-fdec5800110d& scope=accounts'
{

"token_type": "Bearer",

"access_token": "gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6ImF0X3NpZ25fb2JqZWN0X29iX0xZRFNfY3VycmVudCJ9.eyJpc3MiOiJsbG95ZHMiLCJwcml2YXRlIjoiQUFJa1pqWXhNMk0zWWpJdE5EQTJZaTAwWkdSbUxXSXhOV0V0Wm1SbFl6VTRNREF4TVRCa3k0OTFqVXhLaW9KekkyS0gwbG1hS1U4VS11dkVnTzhiZUM4OTdvbVBObktHTlQxUm5Id3lQWlRzR0o3WlRSUG9vRUNtRy1ZZHhuTTNtWHVwdzNHaXd2OFdWN2VkS204TUFiZ2NVbS03c3hWcnhqd1RUcTdWZjdpYjZEM05RNjhpNG5RQU1XTTdPdUxVSk4tSXh0NDl0USIsImV4cCI6MTY4NjQ5NjE4ODIzMywiaWF0IjoxNjc4NzIwMTg4MjMzfQ.Uy8-QDi49Ip0pYDMZjl4R4JEUTfq2HrXQzYRepUrpDaOKU5BoIyxJLQ2jiPIemmZzvPGCUkuqx5nqVz6YqKbK_kqO1hQFSvnE2s9ma75pGignOf43CEXc1kXzUP4BVhCXyiy0gPEHiiu4R2M2hZjDeKOQRRPr5AK_68Gc-3ILZCkDCg6RgpBTVXHIuk_6LJQdZZtYYHKxjEd5RlYsBV-EvBuzZOv4Q0yP7qPCvEIQXtw1UFtGtsX7gu38_0L03u2Jv0Tq6XkAA5TEMl5SbPy16fIIkmJnbVEF6rN6llTaB-a60IdWLPQuiiY--h_FCTu5RKYmGPBOsJNrqD65EGmDA",

"expires_in": 7776000,

"consented_on": 1678720188,

"scope": "openid accounts"

}
Request Param Parameter Example Value Description
URL secure-domain

OB Transport, OBWAC:https://secure-api.lloydsbank.com

OBWAC, QWAC:https://secure-api-eidas.lloydsbank.com/		 Please refer to the  Other Useful Information section for all brand specific domains
Data grant_type client_credentials The grant type being requested
Data client_id f613c7b2-406b-4ddf-b15a-fdec5800110d Your LBG application Client ID
Data client_secret O7cG2aN6vC3wO5fN8sW3jY2wK2cJ5iB5fF4tY3bE8oM7iI1mP8 Your LBG application client_secret, its not required for tls_client_auth method.
Data scope openid accounts The scope being requested.
Certs CACert Combination of Root & Intermediate Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
Header Requested Headers accept: application/json,cache-control: no-cache and content-type: application/x-www-form-urlencoded Headers are required to construct the request.

DCR - Update Client Application

The API allows the TPP to request the ASPSP to modify one or more attributes related to an existing client.

curl -k -–request PUT \

  • url{secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
  • --key private-cert.key \
  • --cert public-cert.pem \
  • --cacert QTSP-root-ca.pem \
  • --header 'content-type: application/jose' \
  • --header 'accept: application/json' \
  • --header 'authorization: Bearer gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6ImF0X3NpZ25fb2JqZWN0X29iX0xZRFNfY3VycmVudCJ9.eyJpc3MiOiJsbG95ZHMiLCJwcml2YXRlIjoiQUFJa1pqWXhNMk0zWWpJdE5EQTJZaTAwWkdSbUxXSXhOV0V0Wm1SbFl6VTRNREF4TVRCa3k0OTFqVXhLaW9KekkyS0gwbG1hS1U4VS11dkVnTzhiZUM4OTdvbVBObktHTlQxUm5Id3lQWlRzR0o3WlRSUG9vRUNtRy1ZZHhuTTNtWHVwdzNHaXd2OFdWN2VkS204TUFiZ2NVbS03c3hWcnhqd1RUcTdWZjdpYjZEM05RNjhpNG5RQU1XTTdPdUxVSk4tSXh0NDl0USIsImV4cCI6MTY4NjQ5NjE4ODIzMywiaWF0IjoxNjc4NzIwMTg4MjMzfQ.Uy8-QDi49Ip0pYDMZjl4R4JEUTfq2HrXQzYRepUrpDaOKU5BoIyxJLQ2jiPIemmZzvPGCUkuqx5nqVz6YqKbK_kqO1hQFSvnE2s9ma75pGignOf43CEXc1kXzUP4BVhCXyiy0gPEHiiu4R2M2hZjDeKOQRRPr5AK_68Gc-3ILZCkDCg6RgpBTVXHIuk_6LJQdZZtYYHKxjEd5RlYsBV-EvBuzZOv4Q0yP7qPCvEIQXtw1UFtGtsX7gu38_0L03u2Jv0Tq6XkAA5TEMl5SbPy16fIIkmJnbVEF6rN6llTaB-a60IdWLPQuiiY--h_FCTu5RKYmGPBOsJNrqD65EGmDA' \
  • --data 'eyJraWQiOiI3QXdIWFQ0TGJ6N3JiNnNXSkJoemZZV3l5V1EiLCJhbGciOiJQUzI1NiIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJ0eXAiOiJKT1NFIn0.eyJpc3MiOiIxeEZrUmNpcU9IbkJXak9VdWl1eXRpIiwiYXVkIjoib3BlbmJhbmtpbmdsbG95ZHMiLCJqdGkiOiIyZWI5NjAyMS1mZDliLTQ2NWEtYTRhNi1mNmY1NWZhMzY5MmYiLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20iXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJ0bHNfY2xpZW50X2F1dGgiLCJncmFudF90eXBlcyI6WyJhdXRob3JpemF0aW9uX2NvZGUiLCJjbGllbnRfY3JlZGVudGlhbHMiXSwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJzdWJqZWN0X3R5cGUiOiJwdWJsaWMiLCJzb2Z0d2FyZV9zdGF0ZW1lbnQiOiJleUpoYkdjaU9pSlFVekkxTmlJc0ltdHBaQ0k2SWpKNWIwOUxMVkpJYmxkaE1EZEhVWFF0T1ZkcVZHRmhaV0l6UzJKZmVFaE1PR0phU1ZCb1NrbEZVMWs5SWl3aWRIbHdJam9pU2xkVUluMC5leUpwYzNNaU9pSlBjR1Z1UW1GdWEybHVaeUJNZEdRaUxDSnBZWFFpT2pFMk9UVTFOemd5Tmpnc0ltcDBhU0k2SWpjMlptSXlOakF5Tm1SaVlqUTFNVFVpTENKemIyWjBkMkZ5WlY5bGJuWnBjbTl1YldWdWRDSTZJbkJ5YjJSMVkzUnBiMjRpTENKemIyWjBkMkZ5WlY5dGIyUmxJam9pVEdsMlpTSXNJbk52Wm5SM1lYSmxYMmxrSWpvaWJUSnFla3RCTnpkYWRqZFNjVFYyUkdWbmVubExTQ0lzSW5OdlpuUjNZWEpsWDJOc2FXVnVkRjlwWkNJNkltMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGdpTENKemIyWjBkMkZ5WlY5amJHbGxiblJmYm1GdFpTSTZJbEJ5YjJSMVkzUnBiMjRnUlhwdmNtOGdRWEJ3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJSbGMyTnlhWEIwYVc5dUlqb2lWRzhnWW1VZ2RYTmxaQ0JtYjNJZ2JtVjNJRlpOSUVWNmIzSnZJRUZ3Y0hNaUxDSnpiMlowZDJGeVpWOTJaWEp6YVc5dUlqb2lNUzR3SWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDNWeWFTSTZJbWgwZEhCek9pOHZaR1YyWld4dmNHVnlMbXhzYjNsa2MySmhibXRwYm1jdVkyOXRMeUlzSW5OdlpuUjNZWEpsWDNKbFpHbHlaV04wWDNWeWFYTWlPbHNpYUhSMGNITTZMeTloY0hCc2RYWXdPVGxrTG0xaFkyaHBibVV1WjNKdmRYQTZNVEF3TlRBdmNtVmthWEpsWTNRaUxDSm9kSFJ3Y3pvdkwyRndjR3gxZGpBMk4yUXViV0ZqYUdsdVpTNW5jbTkxY0RveE1EQTFNQzl5WldScGNtVmpkQ0lzSW1oMGRIQnpPaTh2WVhCd2RIVjJNRFJpWmk1dFlXTm9hVzVsTG5SbGMzUXVaM0p2ZFhBNk1UQXdOVEF2Y21Wa2FYSmxZM1FpTENKb2RIUndjem92THpFeU55NHdMakF1TVRvNE5EUXpMMk52Ym1admNtMWhibU5sYzNWcGRHVXZZMkZzYkdKaFkyc2lMQ0pvZEhSd2N6b3ZMMlJsZG1Wc2IzQmxjaTVzYkc5NVpITmlZVzVyYVc1bkxtTnZiU0pkTENKemIyWjBkMkZ5WlY5eWIyeGxjeUk2V3lKQlNWTlFJaXdpVUVsVFVDSXNJa05DVUVsSklsMHNJbTl5WjJGdWFYTmhkR2x2Ymw5amIyMXdaWFJsYm5SZllYVjBhRzl5YVhSNVgyTnNZV2x0Y3lJNmV5SmhkWFJvYjNKcGRIbGZhV1FpT2lKR1EwRkhRbElpTENKeVpXZHBjM1J5WVhScGIyNWZhV1FpT2lJeE1Ua3lOemdpTENKemRHRjBkWE1pT2lKQlkzUnBkbVVpTENKaGRYUm9iM0pwYzJGMGFXOXVjeUk2VzNzaWJXVnRZbVZ5WDNOMFlYUmxJam9pUjBraUxDSnliMnhsY3lJNld5SlFTVk5RSWl3aVFVbFRVQ0lzSWtOQ1VFbEpJaXdpUVZOUVUxQWlYWDBzZXlKdFpXMWlaWEpmYzNSaGRHVWlPaUpIUWlJc0luSnZiR1Z6SWpwYklrRkpVMUFpTENKUVNWTlFJaXdpUVZOUVUxQWlMQ0pEUWxCSlNTSmRmVjE5TENKemIyWjBkMkZ5WlY5c2IyZHZYM1Z5YVNJNkltaDBkSEJ6T2k4dlpHVjJaV3h2Y0dWeUxteHNiM2xrYzJKaGJtdHBibWN1WTI5dEx5SXNJbTl5WjE5emRHRjBkWE1pT2lKQlkzUnBkbVVpTENKdmNtZGZhV1FpT2lJd01ERTFPREF3TURBd2FtWTVSMmRCUVVraUxDSnZjbWRmYm1GdFpTSTZJa3hzYjNsa2N5QkNZVzVySUZCTVF5SXNJbTl5WjE5amIyNTBZV04wY3lJNlczc2libUZ0WlNJNklsUmxZMmh1YVdOaGJDSXNJbVZ0WVdsc0lqb2lUMEpTWlhOd2IyNXpaWFJsWVcxQWJHeHZlV1J6WW1GdWEybHVaeTVqYjIwaUxDSndhRzl1WlNJNklpZ3JORFFwSURjM01EWWdNRFl6SURNNE1TSXNJblI1Y0dVaU9pSlVaV05vYm1sallXd2lmU3g3SW01aGJXVWlPaUpDZFhOcGJtVnpjeUlzSW1WdFlXbHNJam9pVDBKU1pYTndiMjV6WlhSbFlXMUFiR3h2ZVdSelltRnVhMmx1Wnk1amIyMGlMQ0p3YUc5dVpTSTZJaWdyTkRRcElEYzRPREFnTVRNNElEUTFNQ0lzSW5SNWNHVWlPaUpDZFhOcGJtVnpjeUo5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwydGxlWE4wYjNKbExtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OHdNREUxT0RBd01EQXdhbVk1UjJkQlFVa3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnZjbWRmYW5kcmMxOXlaWFp2YTJWa1gyVnVaSEJ2YVc1MElqb2lhSFIwY0hNNkx5OXJaWGx6ZEc5eVpTNXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMM0psZG05clpXUXZNREF4TlRnd01EQXdNR3BtT1VkblFVRkpMbXAzYTNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDJWdVpIQnZhVzUwSWpvaWFIUjBjSE02THk5clpYbHpkRzl5WlM1dmNHVnVZbUZ1YTJsdVp5NXZjbWN1ZFdzdk1EQXhOVGd3TURBd01HcG1PVWRuUVVGSkwyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYMnAzYTNOZmNtVjJiMnRsWkY5bGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmEyVjVjM1J2Y21VdWIzQmxibUpoYm10cGJtY3ViM0puTG5Wckx6QXdNVFU0TURBd01EQnFaamxIWjBGQlNTOXlaWFp2YTJWa0wyMHlhbnBMUVRjM1duWTNVbkUxZGtSbFozcDVTMGd1YW5kcmN5SXNJbk52Wm5SM1lYSmxYM0J2YkdsamVWOTFjbWtpT2lKb2RIUndjem92TDJSbGRtVnNiM0JsY2k1c2JHOTVaSE5pWVc1cmFXNW5MbU52YlM4aUxDSnpiMlowZDJGeVpWOTBiM05mZFhKcElqb2lhSFIwY0hNNkx5OWtaWFpsYkc5d1pYSXViR3h2ZVdSelltRnVhMmx1Wnk1amIyMHZJaXdpYzI5bWRIZGhjbVZmYjI1ZlltVm9ZV3htWDI5bVgyOXlaeUk2Ym5Wc2JIMC5zamVSWUU4SGMtNG5OSEhqd2VKMDh5Um90QTdad3cteE1jRF83UmhuZkRiQjRGV0dxYlpBNlNwVWZzWko0MkZybUJfZTBWTHlFWUlxamYxSGlOQ2FtXzhSanF6c0htR1lDTlZKbWJVaXhRNDB3akJLR2tBd0Z1OV9pX1NqeVBMeUZyNnRfcHk3RWprQ256ZmZmUVhMcDI4NFZyaHlxT1k3RUp0TlRSb0Y3b1NLcWlkZkJkU3RyN1NvRGpqX1c2WHI4QXRJUmhnbl9kcEFwVVZkSF9JQ0FzWXRQQmZsMEZHRVNsWE50azliLUxoZ0hOenZnWTNTNXV0RVdES2txN0dFdmdLTVRkakxjTTRiSDBqSk8xU2hHcVdwVVpkOVdrYVEwS29pWncxVkR2ZU1iSENYU184ejlxLVI1Z195QnJfSXVxaFVlY0lBLURud0NXVU5IdzJlb1EiLCJzb2Z0d2FyZV9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2IiwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGciOiJQUzI1NiIsInRva2VuX2VuZHBvaW50X2F1dGhfc2lnbmluZ19hbGciOiJQUzI1NiIsInRsc19jbGllbnRfYXV0aF9zdWJqZWN0X2RuIjoiL0M9R0IvTz1MbG95ZHMgQmFuayBQTEMvb3JnYW5pemF0aW9uSWRlbnRpZmllcj1QU0RHQi1GQ0EtMTE5Mjc4L0NOPTAwMTU4MDAwMDBqZjlHZ0FBSSIsImlhdCI6MTY5NTY0MjcwNDAxOCwiZXhwIjoxNjk1NjQyNzA3NjE4fQ.qu3VEo2cqbNN-zNPM3BxlSgHeJTLqQU4h7F_6tqd8A14O_svnfUKss4ZYBktnqNaez8d6dlDPT8Qj8H9vyqvIcwSpGPnFaFVi7num1dRC52BNXeK5zoceocJM5A2IwPllS6xK67GKhPjfXWQcK7oo6Tp-v76s9TrIK-uTNd5QfgdnFOG5mO8RihgtFKxFXdhAEk-aPlQwjapElNwpnLSkGeAyBgnWoUinrv1Q5pJ3zPUbDN_aiNLcI_GKnA9Ktglp12xXzCixGlUpmbmiTwjzs8ov1Gfowc74rHpkZ3AqZmmuV7NrsMQY3MmHBEW37eI2lGSrn9KXnNKJ5yYC8T8OA’
{ "client_id": "f613c7b2-406b-4ddf-b15a-fdec5800110d", "client_secret": "********************************************", "client_id_issued_at": 1678719693, "redirect_uris": [ "https://developer.lloydsbanking.com" ], "token_endpoint_auth_method": "client_secret_basic", "grant_types": [ "authorization_code" ], "response_types": [ "code id_token" ], "software_id": "m2jzKA77Zv7Rq5vDegzyKH", "scope": "openid accounts", "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjJ5b09LLVJIbldhMDdHUXQtOVdqVGFhZWIzS2JfeEhMOGJaSVBoSklFU1k9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2OTU1NzgyNjgsImp0aSI6Ijc2ZmIyNjAyNmRiYjQ1MTUiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX2lkIjoibTJqektBNzdadjdScTV2RGVnenlLSCIsInNvZnR3YXJlX2NsaWVudF9pZCI6Im0yanpLQTc3WnY3UnE1dkRlZ3p5S0giLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IlByb2R1Y3Rpb24gRXpvcm8gQXBwIiwic29mdHdhcmVfY2xpZW50X2Rlc2NyaXB0aW9uIjoiVG8gYmUgdXNlZCBmb3IgbmV3IFZNIEV6b3JvIEFwcHMiLCJzb2Z0d2FyZV92ZXJzaW9uIjoiMS4wIiwic29mdHdhcmVfY2xpZW50X3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9hcHBsdXYwOTlkLm1hY2hpbmUuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovL2FwcGx1djA2N2QubWFjaGluZS5ncm91cDoxMDA1MC9yZWRpcmVjdCIsImh0dHBzOi8vYXBwdHV2MDRiZi5tYWNoaW5lLnRlc3QuZ3JvdXA6MTAwNTAvcmVkaXJlY3QiLCJodHRwczovLzEyNy4wLjAuMTo4NDQzL2NvbmZvcm1hbmNlc3VpdGUvY2FsbGJhY2siLCJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbSJdLCJzb2Z0d2FyZV9yb2xlcyI6WyJBSVNQIiwiUElTUCIsIkNCUElJIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJGQ0FHQlIiLCJyZWdpc3RyYXRpb25faWQiOiIxMTkyNzgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0kiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIiwiQVNQU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJHQiIsInJvbGVzIjpbIkFJU1AiLCJQSVNQIiwiQVNQU1AiLCJDQlBJSSJdfV19LCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAwamY5R2dBQUkiLCJvcmdfbmFtZSI6Ikxsb3lkcyBCYW5rIFBMQyIsIm9yZ19jb250YWN0cyI6W3sibmFtZSI6IlRlY2huaWNhbCIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc3MDYgMDYzIDM4MSIsInR5cGUiOiJUZWNobmljYWwifSx7Im5hbWUiOiJCdXNpbmVzcyIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc4ODAgMTM4IDQ1MCIsInR5cGUiOiJCdXNpbmVzcyJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5nLm9yZy51ay8wMDE1ODAwMDAwamY5R2dBQUkvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL3Jldm9rZWQvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZy5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX2p3a3NfcmV2b2tlZF9lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmcub3JnLnVrLzAwMTU4MDAwMDBqZjlHZ0FBSS9yZXZva2VkL20yanpLQTc3WnY3UnE1dkRlZ3p5S0guandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbS8iLCJzb2Z0d2FyZV90b3NfdXJpIjoiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20vIiwic29mdHdhcmVfb25fYmVoYWxmX29mX29yZyI6bnVsbH0.sjeRYE8Hc-4nNHHjweJ08yRotA7Zww-xMcD_7RhnfDbB4FWGqbZA6SpUfsZJ42FrmB_e0VLyEYIqjf1HiNCam_8RjqzsHmGYCNVJmbUixQ40wjBKGkAwFu9_i_SjyPLyFr6t_py7EjkCnzfffQXLp284VrhyqOY7EJtNTRoF7oSKqidfBdStr7SoDjj_W6Xr8AtIRhgn_dpApUVdH_ICAsYtPBfl0FGESlXNtk9b-LhgHNzvgY3S5utEWDKkq7GEvgKMTdjLcM4bH0jJO1ShGqWpUZd9WkaQ0KoiZw1VDveMbHCXS_8z9q-R5g_yBr_IuqhUecIA-DnwCWUNHw2eoQ", "application_type": "web", "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256", "token_endpoint_auth_signing_alg": "PS256", "tls_client_auth_subject_dn": "lloyds" }
Request Param Parameter Example Value Description
URL secure-domain

OB Transport, OBWAC:https://secure-api.lloydsbank.com

OBWAC, QWAC:https://secure-api-eidas.lloydsbank.com/

Please refer to the  Other Useful Information section for all brand specific domains

Certs CACert Combination of Root & Intermediate (Full chain) Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
Data Nested JWS with SSA Valid JWS token Construct the request payload as the OBIE Dynamic Client Registration V3.2
Key Public and Private Key Files of public and private key These Keys are provided by OBIE directory.
Header Requested Headers content-type: application/jose,accept: application/json,authorization: Bearer Access token Headers are required to construct the request.
 

DCR - View Client Application

The API allows the TPP to retrieve the details for a client that has already been registered.

curl -k -X GET\

  • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
  • --key private-cert.key \
  • --cert public-cert.pem \
  • --cacert QTSP-root-ca.pem \
  • --header 'accept: application/json' \
  • --header 'content-type: application/jose' \
  • --header 'authorization: Bearer gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6ImF0X3NpZ25fb2JqZWN0X29iX0xZRFNfY3VycmVudCJ9.eyJpc3MiOiJsbG95ZHMiLCJwcml2YXRlIjoiQUFJa1pqWXhNMk0zWWpJdE5EQTJZaTAwWkdSbUxXSXhOV0V0Wm1SbFl6VTRNREF4TVRCa3k0OTFqVXhLaW9KekkyS0gwbG1hS1U4VS11dkVnTzhiZUM4OTdvbVBObktHTlQxUm5Id3lQWlRzR0o3WlRSUG9vRUNtRy1ZZHhuTTNtWHVwdzNHaXd2OFdWN2VkS204TUFiZ2NVbS03c3hWcnhqd1RUcTdWZjdpYjZEM05RNjhpNG5RQU1XTTdPdUxVSk4tSXh0NDl0USIsImV4cCI6MTY4NjQ5NjE4ODIzMywiaWF0IjoxNjc4NzIwMTg4MjMzfQ.Uy8-QDi49Ip0pYDMZjl4R4JEUTfq2HrXQzYRepUrpDaOKU5BoIyxJLQ2jiPIemmZzvPGCUkuqx5nqVz6YqKbK_kqO1hQFSvnE2s9ma75pGignOf43CEXc1kXzUP4BVhCXyiy0gPEHiiu4R2M2hZjDeKOQRRPr5AK_68Gc-3ILZCkDCg6RgpBTVXHIuk_6LJQdZZtYYHKxjEd5RlYsBV-EvBuzZOv4Q0yP7qPCvEIQXtw1UFtGtsX7gu38_0L03u2Jv0Tq6XkAA5TEMl5SbPy16fIIkmJnbVEF6rN6llTaB-a60IdWLPQuiiY--h_FCTu5RKYmGPBOsJNrqD65EGmDA'
{ "client_id": "f613c7b2-406b-4ddf-b15a-fdec5800110d", "software_id": "m2jzKA77Zv7Rq5vDegzyKH", "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6ImR6cXV3U1RubUFiN0owMWRWRGZJd2oxS1ctYUQ4M1RYTTFtVmJvOWtkRWs9IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2NzUzMzMyNjMsImp0aSI6ImYwYmY4YzgzZDNhZTRjMGIiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoiMEZ3MWNwdlREbUlDaGNJRTFmSDBHUiIsInNvZnR3YXJlX2NsaWVudF9pZCI6IjBGdzFjcHZURG1JQ2hjSUUxZkgwR1IiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkZNTyBBcHAiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJUZXN0Iiwic29mdHdhcmVfdmVyc2lvbiI6MS4wLCJzb2Z0d2FyZV9jbGllbnRfdXJpIjoiaHR0cHM6Ly9kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20vIiwic29mdHdhcmVfcmVkaXJlY3RfdXJpcyI6WyJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbSIsImh0dHBzOi8vc2l0MDEtZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tIiwiaHR0cHM6Ly9zaXQwMi1kZXZlbG9wZXIubGxveWRzYmFua2luZy5jb20iXSwic29mdHdhcmVfcm9sZXMiOlsiUElTUCIsIkFJU1AiLCJDQlBJSSJdLCJvcmdhbmlzYXRpb25fY29tcGV0ZW50X2F1dGhvcml0eV9jbGFpbXMiOnsiYXV0aG9yaXR5X2lkIjoiRkNBR0JSIiwicmVnaXN0cmF0aW9uX2lkIjoiMTE5Mjc4Iiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCIiwicm9sZXMiOlsiQUlTUCIsIlBJU1AiLCJDQlBJSSIsIkFTUFNQIl19LHsibWVtYmVyX3N0YXRlIjoiSUUiLCJyb2xlcyI6WyJQSVNQIiwiQVNQU1AiLCJDQlBJSSIsIkFJU1AiXX0seyJtZW1iZXJfc3RhdGUiOiJOTCIsInJvbGVzIjpbIkFTUFNQIiwiQ0JQSUkiLCJQSVNQIiwiQUlTUCJdfV19LCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAwamY5R2dBQUkiLCJvcmdfbmFtZSI6Ikxsb3lkcyBCYW5rIFBMQyIsIm9yZ19jb250YWN0cyI6W3sibmFtZSI6IlRlY2huaWNhbCIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc3MDYgMDYzIDM4MSIsInR5cGUiOiJUZWNobmljYWwifSx7Im5hbWUiOiJCdXNpbmVzcyIsImVtYWlsIjoiT0JSZXNwb25zZXRlYW1AbGxveWRzYmFua2luZy5jb20iLCJwaG9uZSI6IigrNDQpIDc3MDYwNjMzODEiLCJ0eXBlIjoiQnVzaW5lc3MifV0sIm9yZ19qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZjlHZ0FBSS8wMDE1ODAwMDAwamY5R2dBQUkuandrcyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL3Jldm9rZWQvMDAxNTgwMDAwMGpmOUdnQUFJLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDBqZjlHZ0FBSS8wRncxY3B2VERtSUNoY0lFMWZIMEdSLmp3a3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMGpmOUdnQUFJL3Jldm9rZWQvMEZ3MWNwdlREbUlDaGNJRTFmSDBHUi5qd2tzIiwic29mdHdhcmVfcG9saWN5X3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLmxsb3lkc2JhbmtpbmcuY29tLyIsInNvZnR3YXJlX3Rvc191cmkiOiJodHRwczovL2RldmVsb3Blci5sbG95ZHNiYW5raW5nLmNvbS8iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjpudWxsfQ.c4HFKZo0MlSSLN24mpDEXYL9Tt9HAtzOoo4yhx5ClUK12rEn6CigpqEdlp7yQf1485KpL5m-Td9l9FMCyTeVYe8OAfnfle94i9STCyUi7dTbsDy8z4Zwi_4v_Wcn7tZEV22fEz7i4orNaq3G8gv391O87JOSw6IFrhZ_MVnXxz3wY0F1yC7G8nwSF0rc4TXlixlBUznONI1Oqc7AAN28M9zEmXpZihkuTu1xfR_kpK2jO9Oy6rbQGqKMF4ab5aEsTgtPZ-eMeD6cwSIbth9sYtxynvwFZPsI62Fn3MSoC1rkntZCHtqscJh_Wj6fLyHZAHAGWBf1YISLbkhUjoRocA" }
Request Param Parameter Example Value Description
URL secure-domain

OB Transport, OBWAC:https://secure-api.lloydsbank.com

OBWAC, QWAC:https://secure-api-eidas.lloydsbank.com/

Please refer to the  Other Useful Information section for all brand specific domains

Certs CACert Combination of Root & Intermediate (Full chain) Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
Key Public and Private Key Files of public and private key These Keys are provided by OBIE directory.
Header Requested Headers content-type: application/jose,accept: application/json,authorization: Bearer Access token Headers are required to construct the request.

DCR - Delete Client Application API

The API allows the TPP to request the ASPSP to delete an existing client.

curl --location -g --request DELETE \

  • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
  • --key private-cert.key \
  • --cert public-cert.pem \
  • --cacert QTSP-root-ca.pem \
  • --header 'accept: application/json' \
  • --header 'content-type: application/jose' \
  • --header 'authorization: Bearer gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6ImF0X3NpZ25fb2JqZWN0X29iX0xZRFNfY3VycmVudCJ9.eyJpc3MiOiJsbG95ZHMiLCJwcml2YXRlIjoiQUFJa1pqWXhNMk0zWWpJdE5EQTJZaTAwWkdSbUxXSXhOV0V0Wm1SbFl6VTRNREF4TVRCa3k0OTFqVXhLaW9KekkyS0gwbG1hS1U4VS11dkVnTzhiZUM4OTdvbVBObktHTlQxUm5Id3lQWlRzR0o3WlRSUG9vRUNtRy1ZZHhuTTNtWHVwdzNHaXd2OFdWN2VkS204TUFiZ2NVbS03c3hWcnhqd1RUcTdWZjdpYjZEM05RNjhpNG5RQU1XTTdPdUxVSk4tSXh0NDl0USIsImV4cCI6MTY4NjQ5NjE4ODIzMywiaWF0IjoxNjc4NzIwMTg4MjMzfQ.Uy8-QDi49Ip0pYDMZjl4R4JEUTfq2HrXQzYRepUrpDaOKU5BoIyxJLQ2jiPIemmZzvPGCUkuqx5nqVz6YqKbK_kqO1hQFSvnE2s9ma75pGignOf43CEXc1kXzUP4BVhCXyiy0gPEHiiu4R2M2hZjDeKOQRRPr5AK_68Gc-3ILZCkDCg6RgpBTVXHIuk_6LJQdZZtYYHKxjEd5RlYsBV-EvBuzZOv4Q0yP7qPCvEIQXtw1UFtGtsX7gu38_0L03u2Jv0Tq6XkAA5TEMl5SbPy16fIIkmJnbVEF6rN6llTaB-a60IdWLPQuiiY--h_FCTu5RKYmGPBOsJNrqD65EGmDA'
Successfully deleted
Request Param Parameter Example Value Description
URL secure-domain

OB Transport, OBWAC:https://secure-api.lloydsbank.com

OBWAC, QWAC:https://secure-api-eidas.lloydsbank.com/

Please refer to the  Other Useful Information section for all brand specific domains

Certs CACert Combination of Root & Intermediate (Full chain) Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.
Key Public and Private Key Files of public and private key These Keys are provided by OBIE directory.
Header Requested Headers content-type: application/jose,accept: application/json,authorization: Bearer Access token Headers are required to construct the request.

Open Data APIs

In this Article

OPEN DATA APIs

The following section contains useful information for TPPs who wish to consume Lloyds Banking Group’s Open Data APIs, broken down by each group of APIs.

DATA LATENCY IN LLOYDS BANKING GROUP OPEN DATA API

TPPs should be aware that on the initial release of Open Data v2.1.1, in some circumstances (for example Bank of England rate changes), the Open Data API may be up to 18 hrs out of sync with equivalent data presented via the bank’s public website. TPPs can expect full synchronicity at the latest by 18:00 each day.

TPPs are advised to consider the possibility of this latency in the design of their services, communications with PSUs and, in the case of price comparison uses, take steps to advise the customer that in exceptional circumstances the product available at the point of application may differ from that at the point of comparison.

ATM / BRANCH

Exception Description
Branch Identification

For ATMs that are linked to a physical branch, ATM API Branch Identification = Branch API Branch Identification.

For ATMs that are not linked to a physical branch, the ATM API Branch Identification’s final 2 digits are ‘99’.
 

PCA

Exception Description
Account Behaviour Conditions

The data standard does not currently allow for conditions to be associated with certain fees and benefits. Lloyds Banking Group has addressed this by including notes with the related items. TPPs should be aware of this when consuming the data in the API. For example, as at launch of the API, the following notes were included in the data for certain products:

Notes from OtherFeesCharges for Club Lloyds:

The Club Lloyds monthly account fee comprises of:

Club Lloyds monthly account fee is Free or £3 per month.

The £3 fee is waived for each month you pay in at least £1,500 into your account. If in any month you don't pay in this amount, you will need to pay the £3 monthly account fee.

Notes from OtherFeesCharges for Club Lloyds Platinum:

The Club Lloyds Platinum monthly account fee comprises of:

  • Platinum Account monthly account fee of £17 per month
  • Club Lloyds monthly account fee is Free or £3 per month

The £3 fee is waived for each month you pay in at least £1,500 into your account. If in any month you don't pay in this amount, you will need to pay the £3 monthly account fee.

Maximum combined monthly account fee of £20 per month.

Notes from FeaturesBenefits for Halifax Reward:

£3 reward each month you pay in £750 or more, pay out at least 2 different direct debits and stay in credit. If in any month you miss out on the £3 reward, you can still get it in future months too (when you meet the qualifying requirements.

Notes from FeaturesBenefits for Halifax Ultimate Reward Account:

A lower monthly fee of £12 applies if in the previous calendar month you pay in £750 or more and pay out at least 2 different direct debits and remain in credit.

You also need to keep your account open/not change it to a different current account until the fee is due to be debited (by the 2nd working day of the following calendar month).
Packaged Accts “Packaged” is shown as Segment under PCA; there is no FeatureBenefitGroup - Type option specifically for “Packaged” Bank Accounts so Lloyds Banking Group are recording as ‘Other’.
Vantage Product Lloyds Banking Group maintains separate API data records for Bank of Scotland Classic Vantage Account and Bank of Scotland Platinum Vantage Account as these are distinct products with their own product identifiers.
Club Products Lloyds Banking Group maintains separate API data records for Club Lloyds and Club Lloyds Platinum as these are distinct products with their own product identifiers.
PCAs not eligible for Overdrafts

Lloyds Banking Group has the following products that do not provide an overdraft facility, and has referenced this as a product Note on the PCAMarketingState tab

  • Lloyds Basic Account
  • Lloyds Under 19’s Account
  • Bank of Scotland Basic Account
  • Bank of Scotland Under 19’s Account
  • Halifax Basic Account
  • Halifax ExpressCash Account
Unplanned Overdrafts Lloyds Banking Group no longer charges for Unplanned Overdrafts so this is not referenced anywhere in API data records.
Card withdrawal limits No specific field for ATM daily withdrawal limits so Lloyds Banking Group uses the Notes fields in the Features and Benefits.
Linking Account Information API to Open Data PCA products

Account Information API can only be linked to the Open Data for front book (on sale) products. Where Product Identifier is returned for a particular customer account (following a call to Account Information /accounts/{AccountId}/product) it means that the customer is on a product for which the terms, features and benefits can be found in the Open Data. This Product Identifier can be used to locate that product in the Open Data PCA API

This linking mechanism is only available at a product level so if multiple marketing state variations exist in Open Data for that product then the TPP should engage in further dialogue with the account holder to determine which applies to their present situation.

For example, for the Lloyds Bank Student product terms vary depending on the academic year the student is in. These are represented as marketing states in the Open Data API, so while the linkage will allow a TPP to identify if the customer has a student product it will not facilitate the identification of the year of study, therefore the TPP will have to gather further information from the customer to identify the relevant PCA information.
Promotional vs. Destination products

Distinction between promotion ending and destination products:

  1. Promotions are detailed on the MarketingState within each applicable product. For example, in URCA, the Marketing State section indicates that there is a promotional offer available on the product, the duration and what this relates to, e.g. overdraft switcher offer for 6 months. There is then a promotional section with details of the overdraft offer and a regular section with the standard overdraft details. The promotional section includes notes on the promotion and the fee is showing as zero, whereas in the regular tab it has 1p per £7 borrowed.
  2. Destination products – on a student account, the customer will eventually graduate and not be eligible. The next account is not detailed.
Credit Interest

Lloyds Banking Group has the following products that offer Credit Interest on account balances within a defined tier and this will be reflected on the CreditInterest tab. Any account balance outside of the defined tier values will not receive credit interest.

  • Lloyds Under 19’s Account
  • Lloyds Club Lloyds Account
  • Lloyds Club Platinum Account
  • Halifax ExpressCash Account
  • Bank of Scotland Under 19’s Account
  • Bank of Scotland Classic Vantage Account
  • Bank of Scotland Platinum Vantage Account
 

BUSINESS CURRENT ACCOUNTS (BCAS) - £0 - £1M TURNOVER

API Section Field(s) Usage Notes
Overdraft

Overdraft/Notes

OverdraftFeeCharge Cap/Notes

 Notes fields within the Overdraft section have been set as String (len 2000) rather than Array of strings (len 2000).
Overdraft OverdraftFeeCharge Detail/Notes Conditions which are applied to when certain fee/charges may be applied to an account are shown within the corresponding Notes field, linked via the corresponding OverdraftFeeChargeDetail (ID) value.
Eligibility ResidencyIncluded Regex pattern for this field insists on four characters, although it ought to be defined as up to four characters.
Other Fees Charges

FeeChargeDetail(ID)/ FeeType

FeeChargeDetail(ID)/ OtherFeeType

FeeChargeDetail(ID)/ FeeCategory

FeeCategory to FeeType mapping from CodeList references different enumerations compared to DD and Swagger specifications; the reason for this because the stated enumerations do not accurately reflect the categorisation of Fees and Charges by Lloyds Banking Group.

This will not impact consumption of the data because the enumeration mappings are not forced within the Swagger.
Other Fees Charges

FeeChargeDetail(ID)/ FeeAmount

FeeChargeDetail(ID)/ Notes

For some FeeTypes, the corresponding FeeAmount fields may be blank because:

Conditions may apply which determine what price is charged for a particular transaction.

The price of a particular transaction may vary depending on Customer and/or Account behaviour.

The price of a particular transaction may be controlled/determined by a third party (i.e. not Lloyds Banking Group).

Prices for a particular non-standard transaction are available via a discussion with the Customer.

Anywhere where the FeeAmount field is blank will be explained/supported within the corresponding Notes field, linked via the corresponding FeeChargeDetail (ID) value.
Mapping of Account Information API (Transactional Data) to the Open Data API (Product Information) BCA(ID)/Identification

Transactional data made available via the Account Information API can only be linked/mapped to the Open Data API for front book (on sale) products only; these include products which may have elements within them which are no longer offered (e.g. discontinued overdraft offerings no longer available for new lending).

Where a Product Identifier is returned for a particular customer account (following a call to Account Information /accounts/{AccountId}/product) it means that the account is on a product for which the terms and conditions, features and benefits, and pricing information can be found in the Open Data API content. This Product Identifier can be used to locate that product within the Open Data BCA API content.

Exceptions to the above will be where an underlying product may be shared by different customer segments (e.g. which have distinct Terms and Conditions which will apply) each of which is published via the Open Data API, but where customer and/or segment level (in addition to Account-level) information would be required to determine the correct mapping; this complexity for specialist BCA products is not supported at this time. Examples of these products would be the Schools Account, Treasurers’ Account and Credit Union Account.
 

SME BUSINESS CURRENT ACCOUNTS (BCAS) - TURNOVER £1M-25M

Exception Description
Mandatory / optional fields Most optional fields have been left unpopulated due to either (a) being not applicable for the product (b) having variations depending on the customer type.
Products All Lloyds Bank products currently are identical to those for Bank of Scotland with the exception of brand, product identifiers, product naming and the Unauthorised Borrowing Rate for overdrafts which is different for each brand.
Marketing State No products have promotional marketing states – only one single regular state per product.
Credit interest Only one product (School Banking Account) currently pays credit interest as standard. It has no tiers or banding just a single gross rate applicable for balances of £1 and above.
Overdrafts Only customers with Business Extra or Electronic Business Tariff products can currently have an overdraft facility. Identical overdrafts rates (with the exception mentioned above) and fees are applicable for all tiers/bands. Unauthorised Borrowing and Unpaid Item fees are represented in the Overdraft section not under Other Fees and Charges section.
Eligibility Only the entity yearly turnover (£1m-25m) is specified as a requirement for opening or managing accounts. Other eligibility requirements are handled at account opening and may vary depending on the customer – they are optional fields and are left blank.
Fees and Charges

Several fees have been bundled under the ‘Other’ FeeCategory as the codelist supplied did not sufficiently represent the type of fee (description).

Fees and charges are generally unsorted. It was unknown whether they should be sorted according to FeeCategory, how we as a bank should wish to sort them or how a TPP would approach sorting and display to the customer. In addition, if sorted by FeeCategory the fees under the ‘Other’ FeeCategory may be badly ‘positioned’ in a list. Criteria for sorting or presentation of data may also apply equally to features and benefits.

Where fees have been represented under the ‘Other’ FeeCategory the description of the fee will reside under the ‘OtherFeetype’ construct.

Where fee amounts (FeeAmounts) could not be represented by a single value then they are defined under the FeeChargeDetail construct.
 

SME LOANS (SMELS) - £0 - £1M TURNOVER

API Section Field(s) Usage Notes
Eligibility ResidencyIncluded Regex pattern for this field insists on four characters, although it ought to be defined as up to four characters. Values provided state “UK” which would be highlighted as a fail.
 

SME LOANS (SMELS) - £1M - £25M TURNOVER

Exception Description
Product Maximum Loan Amount The largest standard loan amount is £25,000 however in exceptional circumstances if the client’s situation and financial stability is sufficient a loan of up to £50,000 may be considered. This is covered in the notes section.
Eligibility Financial Holdings It is necessary for a customer to hold a current account with Lloyds Banking Group in order to facilitate the business loan. Customers reviewing data may also therefore be interested in viewing Lloyds Banking Group business current accounts on offer.
SIC Codes Lloyds Banking Group has opted to leave the SIC code section blank as there are no industries which would be considered automatically ineligible for a business loan. Customers should be encouraged to contact the bank if they would like additional details.
Fixed Rate APR Our fixed rate business loan product only utilises a single rate and as the current product is set up this would not change. A new product would be created if we ever chose to change this aspect of our business loans.
SME Loan Segment Our Base Rate Business Loans provide additional flexibility to our business customers however our Fixed Rate Business Loans will be restricted to clients with sufficient collateral to cover the loan.
 

BUSINESS CREDIT CARDS

Exception Description
Eligibility Financial Holdings It is necessary for a customer to hold a current account with Lloyds Banking Group before we will issue a business credit card. Customers reviewing data may also therefore be interested in viewing Lloyds Banking Group business current accounts on offer.
Eligibility MinMax Business Credit Cards are split by turnover however there are no functional differences to these products by design. Similarities are not an error and should be presented as directed.
 
Prev Next

Contact and support

For general queries, please email :- obresponseteam@lloydsbanking.com
We will be able to respond from 9am to 5pm Monday to Friday, except public holidays.

For technical Issues please log a ticket via the OBSD:- Sign in - Open Banking

FAQs

How should I use the Open Banking Model Bank

The OBIE has set up a ‘Developer Zone’ for TPP developers. This contains the Open Banking API specifications and Data Standards required to build your own applications. You should use these as the standards against which you should develop your applications.

The OBIE Developer Zone can found here.

Do you have a Sandbox environment for me to do my development against?

We do not currently support a Sandbox environment. The OBIE has built a Sandbox environment (Model Bank) to enable developers to prototype solutions against its specifications.

We strongly recommend that you develop and test your application using this environment as you are likely to be asked to show successful requests/responses as part of troubleshooting any issues you are facing. You can find the link to the OBIE’s Sandbox page here.

How do I register an application?

Register using DCR

Which OIDC flows are you supporting?

We are supporting OIDC hybrid flow with the response type code ID token and code. We have also exposed our discovery endpoint with Open Banking, which has all the necessary information for our OIDC. This information can be found on the Open Banking Directory here.

When should I come to LBG to deal with development issues and when should I go to Open Banking Ltd?

As a first port of call, you should refer to the OBIE’s Developer Zone. If you have fulfilled all of the requirements documented there, and you would like to raise an issue with us directly, please use the Issue form in the Support section of our Developer Portal.

You may well be asked for successful request / response calls that have been made against Open Banking Model Bank to assist in troubleshooting.

Do you have a set of known issues that you can share with us?

We will communicate known issues to you via email.

Lloyds Banking Group Sandbox

The Sandbox is designed to replicate the LBG production environment. It provides a safe, controlled environment for registered TPPs to develop and test APIs.

Before you start we recommend users view and familiarise themselves with the Sandbox Developer Guide on this page.

First time users

Register with Open Banking Sandbox Directory.

Register

 

App set up

Register your Applications using Dynamic Client Registration (DCR) the details of which can be found in the below documents.

Lloyds Banking Group Sandbox Developers Guide
How to Register using DCR

View API Endpoints

Understand our API specification.

Swagger

 

Lloyds Banking Group Sandbox Developers Guide

This guide provides a technical overview of how to use the LBG Sandbox.

 

Screen Scraping Plus

This guide provides an overview of how to use our Screen Scraping Plus interface. It is intended to help TPPs carry out connectivity testing of the interface.

High level information is included about:

  • What is Screen Scraping Plus?
  • Websites on which Screen Scraping is enabled
  • How to enrol with Open Banking OBIE Directory
Lloyds Banking Group Screen Scraping Plus Developers Guide

This guide provides a technical overview of how to use the LBG Screen Scraping Plus.

 

How to register using DCR

 

Overview

The Dynamic Client Registration API enables Third Party Providers to register OAuth clients with NewDay to obtain client credentials and access tokens that can be used for making authentication requests.

How it works

Third party providers use our Dynamic Client Registration API to register their consumer applications with us and obtain access to Open Banking APIs to retrieve customer details needed for application services.

 

Before registering with Black Horse FlexPay, you must register with a regulated directory to obtain a Software Statement Assertion (SSA) and signing and transport certificates.

You can make a registration request to the Dynamic Client Registration endpoint with Black Horse FlexPay. After successful validation of the request with the given secret credentials, you will receive a client identifier in the response, which you can use to obtain application access tokens and access our Open Banking APIs.

The Environment URLs that would be applicable to Black Horse FlexPay are as follows

Sandbox: https://api.blackhorseflexpay.com/sandbox/open-banking/v3.1

Production: https://api.blackhorseflexpay.com/open-banking/v3.1

Access to Sandbox

To register on Open Banking Sandbox, please use Register

To make use of the Sandbox data, we have setup a test account, Loki, that cover all possible Sandbox requests.

 
User Credentials Description Required value
Username The username of the Mock User. The username needs to be provided as part of the user authentication process. Mandatory loki
One Time Passcode The one-time passcode for the Mock User. The one-time passcode is a 6 number code that is sent to the selected device during the user authentication process. Regardless of the device that the code has requested to be sent to it will not be delivered to this device in the sandbox environment. Mandatory 000000
Verification Code The verification code of the Mock User. The verification code is 6 number code provided on the second step of the user authentication process. Mandatory 123456
Account Id The account Id is used as part of the request to Black Horse's APIs. It's provided as part of the request url to retrieve user resources related to an account Id. Optional 904000
Statement Ids The statement Id is used as part of the request to Black Horse's APIs. It's provided as part of the request url to retrieve user statement resources. Optional 8sfhke-sifhkeug-00001
8sfhke-sifhkeug-00002
8sfhke-sifhkeug-00003
8sfhke-sifhkeug-00004
8sfhke-sifhkeug-00005
8sfhke-sifhkeug-00006
8sfhke-sifhkeug-00007
8sfhke-sifhkeug-00008
8sfhke-sifhkeug-00009

Our live APIs follow the same URL schemes as specified on this developer portal, but with the '/sandbox' path element removed.

For example:

Sandbox: https://api.blackhorseflexpay.co.uk/sandbox/open-banking/v3.1/register

Production: https://api.blackhorseflexpay.co.uk/open-banking/v3.1/register

Contact & Technical Issues

For general queries, please email :- EmbeddedFinanceProductTeam@lloydsbanking.com
We will be able to respond from 9am to 5pm Monday to Friday, except public holidays.