2. Prepare your Sandbox environment

Set up the Sandbox environment to test the integration before you push it to the production environment.

Set up sandbox

Generate a CSR

  1. Open the Sandbox authentication tab in the Developer Portal, and copy the suggested command to generate a Certificate Signing Request (CSR).
  2. Open a CLI, and paste the openssl command to generate a CSR.

You may also create the CSR using the command below, by providing your own application name:

openssl req -new -newkey rsa:2048 -nodes -out revolut.csr -keyout private.key -subj '/C=GB/ST=/L=/O=<YOUR APP NAME>/OU=001580000103UAvAAM/CN=2kiXQyo0tedjW2somjSgH7' -sha256 -outform der

Configure Sandbox authentication

  1. On the Sandbox authentication tab, fill in the Redirect URLs.
  2. Click Upload CSR file and navigate to the CSR you just generated.
  3. Click Continue.

The Overview tab of your application in the Developer Portal displays a Client ID you can use in the Sandbox environment.


If you have an OBIE/eIDAS certificate, you can upload the certificate in the Developer Portal and register a production application without any further approval from Revolut. You receive a client_id that you can use to make requests to our API.


If you are looking to become a Revolut Partner, you must submit a request for your application to be approved via the Developer Portal. Once your application is approved, you receive production certificates to use with our API.

Download sandbox credentials

  1. Navigate to your application settings in the Developer Portal.
  2. Click Download sandbox certificates.
  3. Place the downloaded certificates signing.der and transport.der in the directory where you stored the CSR and private key in Generate a CSR.

Convert certificates

You need to convert the signing and transport certificates to *.pem format:

openssl x509 -inform der -in transport.der -out transport.pem
openssl x509 -inform der -in signing.der -out signing.pem

Your certificate directory should now contain these 6 files:

  • 1 certificate signing request file in *.csr
  • 1 private key file in *.key
  • 1 transport certificate in *.der
  • 1 transport certificate in *.pem
  • 1 signing certificate in *.der
  • 1 signing certificate in *.pem

Generate the JWK

  1. Create a JSON file in a text editor with the following structure:
    {
      "keys": [
        {
          "e": "AQAB",
          "n": "<your n claim value>",
          "kid": "<your KID value>",
          "kty": "RSA",
          "use": "sig"
        }
      ]
    }
  2. Generate the n claim value by running the following command in the directory where you store your certificates. The final tr also removes the line breaks that GNU base64 inserts, so the value comes out as a single line:
openssl x509 -noout -modulus -in signing.pem | cut -c 9- | xxd -r -p | base64 | tr '/+' '_-' | tr -d '=\n'
  3. Paste the generated n claim value in the corresponding JSON key.
  4. Type in a value of your choice for the kid key.
  5. Save the JSON file and make it available on an address which can be publicly resolved.

For testing purposes, you may host the JSON content on Pastebin and use a public address such as {your bin}.

Validate your JWK

You can use the following form to check if your JWK is valid. To do that, copy and paste the full contents of your JWK below and click Test.
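
An offline check of the same file before it is published, as an added example that is not part of Revolut's documentation or tooling: it verifies the structure shown in Generate the JWK, rejects an n value that is not single-line unpadded base64url, and flags RSA private-key members that must never appear in a publicly hosted JWK. The function names and the 2048-bit minimum (taken from the rsa:2048 option in the CSR command) are assumptions of this example.

```python
import base64
import json

# RSA private-key members from RFC 7518 section 6.3.2; never publish these.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}
B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def modulus_hex_to_n(hex_modulus):
    """Hex modulus (openssl -modulus output without 'Modulus=') -> n value."""
    raw = bytes.fromhex(hex_modulus.strip())
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(value):
    """Strict decode: base64url alphabet only, no padding, no whitespace."""
    if not isinstance(value, str) or not value or set(value) - B64URL:
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def check_jwks(text, min_bits=2048):
    """Return a list of problems in a JWKS document; empty list means OK."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return [f"invalid JSON: {exc}"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['top level must be an object with a non-empty "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"keys[{i}]: not a JSON object")
            continue
        leaked = sorted(PRIVATE_MEMBERS & key.keys())
        if leaked:
            problems.append(f"keys[{i}]: private key members present: {leaked}")
        for name, want in (("kty", "RSA"), ("use", "sig"), ("e", "AQAB")):
            if key.get(name) != want:
                problems.append(f"keys[{i}]: {name} should be {want!r}")
        if not isinstance(key.get("kid"), str) or not key["kid"]:
            problems.append(f"keys[{i}]: kid must be a non-empty string")
        try:
            n = b64url_decode(key.get("n"))
            if int.from_bytes(n, "big").bit_length() < min_bits:
                problems.append(f"keys[{i}]: modulus shorter than {min_bits} bits")
        except ValueError:
            problems.append(f"keys[{i}]: n is not unpadded base64url")
    return problems
```

Pass the contents of your JSON file to check_jwks; an empty list means the file matches the structure above and carries only public key material.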

Set up JWK endpoint

  1. Navigate to your application settings in the Developer Portal.
  2. Click the Set up JWKs endpoint widget.
  3. Type in the address of the JWK in the JWKs URL field.

What's next

You are ready to start requesting user consents and make API calls to our endpoints. For more information, see our tutorials to walk you through the steps for different use cases.

You can also set up the production environment for your application.
