2. Prepare your Sandbox environment

Set up the Sandbox environment to test the integration before you push it to the production environment.

Set up sandbox​

Generate a CSR​

1. Open the Sandbox authentication tab in the Developer Portal, and copy the suggested command to generate a Certificate Signing Request (CSR).
2. Open a CLI, and paste the openssl command to generate a CSR.

You may also create the CSR using the command below, by providing your own application name:

openssl req -new -newkey rsa:2048 -nodes -out revolut.csr -keyout private.key -subj '/C=GB/ST=/L=/O=<YOUR APP NAME>/OU=001580000103UAvAAM/CN=2kiXQyo0tedjW2somjSgH7' -sha256 -outform der

Configure Sandbox authentication​

1. On the Sandbox authentication tab, fill in the Redirect URLs.
2. Click Upload CSR file, navigate to the CSR you just generated and upload it.
3. Click Continue.

The Overview tab of your application in the Developer Portal displays a Client ID you can use in the Sandbox environment.

Download sandbox credentials​

1. Navigate to your application settings in the Developer Portal.
2. Click Download sandbox certificates.
3. Place the downloaded certificates signing.der and transport.der in the directory where you stored your own certificate in Generate CSR.

Convert certificates​

You need to convert the signing and transport certificates to *.pem format:

openssl x509 -inform der -in transport.der -out transport.pem
openssl x509 -inform der -in signing.der -out signing.pem

Add a JWK​

To add a JWK, you must generate it, validate it (optional, but recommended), and then set up a JWK endpoint with the URL under which you made it public.

Generate the JWK​

1. Create a JSON file in a text editor with the following structure:

   {
     "keys": [
       {
         "e": "AQAB",
         "n": "<your n claim value>",
         "kid": "<your KID value>",
         "kty": "RSA",
         "use": "sig",
         "x5c": [
           "<your base64-encoded signing certificate>"
         ]
       }
     ]
   }
   

2. Generate the n claim value by running the following command in the directory where you store your certificates:

   openssl x509 -noout -modulus -in signing.pem | cut -c 9- | xxd -r -p | base64 | tr '/+' '_-' | tr -d '='
   

3. Paste the generated n claim value in the corresponding JSON key.

4. Copy the content of your signing.pem certificate with no line breaks, header or footer and enter it into the x5c parameter. You can obtain the signing.pem certificate with the following command:

   sed -E '/(^-----[A-Z ]+-----$)/d' signing.pem | tr -d '\n'
   

5. Type in a value of your choice for the kid key.

6. Save the JSON file and make it available on an address which can be publicly resolved.

Validate your JWK​

You can use the following form to check if your JWK is valid. To do that, copy and paste the full contents of your JWK below and click Test.

Set up JWK endpoint​

1. Navigate to your application settings in the Developer Portal.
2. Click the Set up JWKs endpoint widget.
3. Type in the address of the JWK in the JWKs URL field.

What's next​

You are ready to start requesting user consents and make API calls to our endpoints. For more information, see our tutorials to walk you through the steps for different use cases.

You can also set up the production environment for your application.