Welcome to TSB API Developer Portal

Third Party Providers (TPPs) must first be registered with the Financial Conduct Authority (FCA) or National Competent Authority (NCA) of your host country and be enrolled with the Open Banking Directory. We cannot accept any applications from TPPs who do not meet these requirements.
For more information please visit openbanking.org.uk.

Our Sandbox sits on the same service as our production APIs. Sandbox and Production APIs are “software modes” of our Open Banking Service - each software mode has own independent URIs for DCR and Read/ Write APIs. The base URL for Sandbox endpoints is: apis.tsb.co.uk/sandbox. Example endpoints are as follows:

- https://apis.tsb.co.uk/apis/sandbox/open-banking/v3.1/.well-known/openid-configuration

- https://apis.tsb.co.uk/apis/sandbox/open-banking/v3.1/tpp/register

- https://apis.tsb.co.uk/apis/sandbox/open-banking/v3.1/auth/oauth2/token

- https://apis.tsb.co.uk/apis/sandbox/open-banking/v3.1/aisp/account-access-consents

- https://apis.tsb.co.uk/apis/sandbox/open-banking/v3.1/aisp/accounts

TPPs are only able to register Test Applications to our Sandbox that are registered within Open Banking's Test Directory.

Please note that transactions and balances will not get updated in sandbox.

We support applications to our live environment via Dynamic Onboarding using the POST/register API. We'll then provide you with client credentials which is important information and must be held securely and not shared with anyone. You'll be automatically subscribed to a holding plan (limited daily calls) until we can review your application and we'll then promote you to our standard plan which enables you to consume our APIs fully. Please contact us for further information if required.

Please see our Implementation Guide with Open Banking for a summary of our technical information. Below is a list of the supported endpoints:

API	Version	Status
Register
POST /register	v3.1	Available
GET /register/{ClientId}	v3.1	Available
PUT /register/{ClientId}	v3.1	Available
DELETE /register/{ClientId}	v3.1	Available
AIS
POST /account-access-consents	v3.1	Available
GET /account-access-consents/{ConsentId}	v3.1	Available
DELETE /account-access-consents/{ConsentId}	v3.1	Available
GET /accounts	v3.1	Available
GET /accounts/{AccountId}	v3.1	Available
GET /accounts/{AccountId}/balances	v3.1	Available
GET /balances	v3.1	Available
GET /accounts/{AccountId}/beneficiaries	v3.1	Available
GET /accounts/{AccountId}/direct-debits	v3.1	Available
GET /accounts/{AccountId}/standing-orders	v3.1	Available
GET /accounts/{AccountId}/transactions	v3.1	Available
GET /accounts/{AccountId}/product	v3.1	Available
GET /accounts/{AccountId}/scheduled-payments	v3.1	Available
GET /accounts/{AccountId}/statements	v3.1	Available
GET /accounts/{AccountId}/statements/{StatementId}	v3.1	Available
GET /accounts/{AccountId}/statements/{StatementId}/transactions	v3.1	Available
PIS
POST /domestic-payment-consents	v3.1	Available
GET /domestic-payment-consents/{ConsentId}	v3.1	Available
GET /domestic-payment-consents/{ConsentId}/funds-confirmation	v3.1	Available
POST /domestic-payments	v3.1	Available
GET /domestic-payments/{DomesticPaymentId}	v3.1	Available
POST /domestic-scheduled-payment-consents	v3.1	Available
GET /domestic-scheduled-payment-consents/{ConsentId}	v3.1	Available
POST /domestic-scheduled-payments	v3.1	Available
GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}	v3.1	Available
POST /domestic-standing-order-consents	v3.1	Available
GET /domestic-standing-order-consents/{ConsentId}	v3.1	Available
POST /domestic-standing-orders	v3.1	Available
GET /domestic-standing-orders/{DomesticStandingOrderId}	v3.1	Available
POST /international-payment-consents	v3.1	Available
GET /international-payment-consents/{ConsentId}	v3.1	Available
GET /international-payment-consents/{ConsentId}/funds-confirmation	v3.1	Available
POST /international-payments	v3.1	Available
GET /international-payments/{InternationalPaymentId}	v3.1	Available
CBPII
POST /funds-confirmation-consents	v3.1	Available
GET /funds-confirmation-consents/{ConsentId}	v3.1	Available
DELETE /funds-confirmation-consents/{ConsentId}	v3.1	Available
POST /funds-confirmations	v3.1	Available

Here are some common issues you could experience onboarding for the first time with us:

ISS	Will be your software client ID taken from your TPP Software Statement Assertion (SSA) which is issued by OBIE.
Exp	Expiry date should be a unix timestamp format and not wrapped in quotations.
Redirect URi's	The redirect URi's provided in the outer jwt must match those in your SSA.
Software ID	Will be your software client ID taken from your SSA. Although this is an optional field as per DCR spec, we ask TPP's supply this claim in their payload when onboarding to avoid facing issues during account access consent.
Scope	This should match what is on your SSA and should be written as "openid" and then followed by "accounts", "payments" or "fundsconfirmations" depending on your app. These can also be grouped to support multiple scopes for your app e.g. "openid accounts payments fundsconfirmations".
Software Statement	The SSA relating to the client ID issued by OBIE.
Content-Type	Should be 'application/jwt'.
Token_Endpoint_Auth_Method	Please ensure you provide your preferred token endpoint auth method. Failing to specify your preference will result in the default auth method of private_jwt being registered against your application.

We will only accept requests signed with the PS256 signing algorithm. Our payloads and ID Tokens will be signed using PS256.

You will need to offboard using the DELETE /register API.

The HTTP codes used within Open Banking APIs are:

400 (Bad Request)

403 (Forbidden)

404 (Not Found)

406 (Not Acceptable)

429 (Too Many Requests)

500 (Internal Server Error)

503 (Services unavailable or too busy)

For more details, refer to the detailed API specifications available on the central industry Open Banking website.

Our Service does support eIDAS (electronic Identification, Authentication and Trust Services). Currently, TPPs will need to be registered with Open Banking and ensure their SSA when onboarding is signed by them. Self signed SSA's will be accepted in the future at some point.

For Sandbox - we accept Test Applications where 'production' eIDAS Qwac and Qseals are associated to it in Open Banking's Test Directory.

Please feel free to contact our TPP Support Team by email for any questions relating to our APIs at: obtppsupport@tsb.co.uk.

Our Sandbox has a number of test accounts you can use.

As these test accounts contain mock data you only need to correctly supply the 'user-id' for each test account during the PSU consent journey. All other credentials (password, memorable information and one time password) can be anything you enter.

Test credentials are as follows:

User ID	No of Accounts	Account Types	Sub Account Types	Endpoints	No of Transactions
testuser1	1	Personal	Current	Accounts / Balances / Beneficiaries / Statements / Transactions	20+
testuser2	4	Personal/Business	Multiple	As Above	10+
testuser3	4	Personal/Business	Multiple	As Above	10+
testuser4	3	Personal/Business	Multiple	As Above	10+
testuser5	3	Personal/Business	Credit Card & Savings	As Above	10+
testuser6	1	Personal	Savings	As Above	10+
testuser7	1	Business	Credit Card	As Above	10+
testuser8	1	Personal	Current	As Above	50+
testuser9	1	Personal	Current	As Above Plus Standing Orders	50+
testuser10	1	Business	Current	Accounts / Balances / Beneficiaries / Statements / Transactions	10+
testuser11	1	Personal	Savings	As Above	10+
testuser12	1	Personal	Current	As Above Plus Direct Debits and Scheduled Payments	10+
testuser13	1	Business	Savings	Accounts / Balances / Beneficiaries / Statements / Transactions	10+
testuser14	1	Business	Current	As Above Plus Direct Debits and Standing Orders	10+
testuser15	1	Business	Current	As Above	10+
testuser18	1	Business	Current	Products	N/A