Our API allows Dynamic Client Registration (DCR) in order to create a valid client that is able to use our Authorisation Server. We only trust Software Statement Assertions (SSAs) issued by the Open Banking Directory provided by Open Banking Limited (OBL). eIDAS certificates are supported via onboarding to the Open Banking Directory (as discussed in more detail below).
The URL of the registration endpoint is advertised on our OIDC Discovery Endpoint using the registration_endpoint claim.
OIDC Discovery (Production): https://auth1.api.ob.allica.bank/.well-known/openid-configuration
OIDC Discovery (Sandbox): https://auth1.sandbox.ob.allica.bank/.well-known/openid-configuration
As defined further in the Allica Open Banking API Specification
PS256code id_tokenPS256PS256private_key_jwt, tls_client_authExample claim values:
iss: SSA software_id (e.g. 0015800001ZEc3hAAD)sub: same as issFor private_key_jwt - the
audclaim is the URL of the token endpoint as specified in OIDC client authentication. For the request object used in OIDC flows, theaudclaim is the issuer URL from the Allica ASPSP.well-knownendpoint.
Note: Our Sandbox API also offers less strict profiles to assist with integration testing. See below for more details.
We recommend that TPPs use OB Transport and OB Signing certificates where possible. TPPs can use their QWACs and QSeals to onboard to the OBL directory and generate these certificates.
We support the use of OBWAC and OBSeal on our production and sandbox environments. TPPs can use their QWACs and QSeals to onboard to the OBL directory and generate these certificates.
We support the use of QWACs, but this is not our recommended approach. TPPs facing issues onboarding with QWACs should contact our support desk. Please attach a pem file of the certificate to your support ticket.
We support the use of QSeals that have been attached to your software statement in the OB Directory.