Guides • Build Banking Apps
Set up Postman

Set up Postman

To test our Open Banking API, you can use a Sandbox account with our Postman collection. This collection includes a set of custom scripts that let you easily test both account access and payment initiation consents.

If you haven't done so already, please first create an application as described here.


To use this flow, you need credentials for a Sandbox test account. You can find them in the Developer Portal, in your application settings, under the Sandbox tab. Alternatively, you can test the flow with a Sandbox Business account, which you can create here.


Using this Postman collection requires loading private keys onto Postman and the use of third-party libraries. Because of this, for security reasons, it should only be used for Sandbox testing.

Import the Postman collection

  1. First, import the Postman collection into your own Postman account, either by forking it or importing it directly:

    View in Postman

  2. After importing the Postman collection, set up the environment variables and load your Sandbox certificate and private key on Postman.

    The Postman collection comes with a set of predefined environment variables, which you can update on your own environment:

    Postman open banking api environmnent variables

    • url: The base URL of Revolut Sandbox Open Banking API.

    • auth_url: The base URL of the authorisation server for obtaining the access token.

    • jwk_domain: The domain name where your JWKS is hosted, without https://.

    • kid: The kid parameter which you set up in your JWKS.

    • private_key: The full contents of the private.key file.

    • client_id: The client_id variable obtained when an application is created via the Developer Portal or by Dynamic Client Registration (DCR).

    • redirect_uri: One of the redirect URLs provided when creating the application in the Developer Portal or by DCR.


      Some of these variables might not be visible in the requests being made but are required for proper functioning of some automations.

Add certificates

The Open Banking API authorisation server requires client-side certificate to obtain access tokens. Complete the following steps to set up certificates and work with the Open Banking API:

  1. Go to Postman settings.

  2. In the General tab, disable SSL certificate verification.

    Postman settings - SSL verification is off

  3. In the Certificates tab, make sure that the CA certificates option is disabled.

  4. In the Client Certificates section, click Add Certificate.

    Postman settings - Add certificate

  5. In the Host field, enter and leave the port field empty.

  6. For CRT file, add your transport.pem certificate.

  7. For KEY file, add your private.key file generated on initial setup.

  8. Click Add.

Expected result

The expected final setup in Client Certificates looks like this:

  • Host:
  • CRT file: /{your_path}/transport.pem
  • KEY file: /{your_path}/private_key.key

Postman settings - Client Certificates

Now you can interact with the Open Banking API Sandbox endpoints that require requests to be signed with a key and certificate.

Was this page helpful?