Open Banking API
Open Banking API
doc

Open Banking API

The Revolut Open Banking API is the gateway for third-party providers to interact with Revolut customers and products.

You can take advantage of the Open Banking API to build your banking applications whether you are

  • A regulated third party provider that wants to get account and transaction information of Revolut customers and initiate different types of payments, or
  • An innovative service provider that is looking to seamlessly integrate Revolut functions into your own applications.

To get started using the Open Banking API, check the user guides.

To see the reference for the specific endpoints and operations of this API, browse the menu on the left.

You can test the Open Banking API in Postman:

View in Postman

Authentication

Get Access token

Certificates

You must use a transport certificate and its private key in order to request an access token.

  • For Sandbox testing you can use the transport.pem certificate file which you obtained in Convert certificates together with the private key generated in step Generate a CSR.

  • For Production you will need to use a valid OBIE or eIDAS transport certificate from a regulated Certificate Authority and its corresponding private key.

note

Revolut Open Banking API servers use certificates issued by Open Banking Limited.

You can find the root and issuing certificates here if you need to add them to your truststore.

Headers

  • Content-Type: application/x-www-form-urlencoded

Parameters

  • grant_type: Must be set to client_credentials to get the access token.
  • scope: Must be set to accounts.

Example

note

The parameters -k or --insecure are not necessary if you added Open Banking Root and Issuing certificates to your truststore.

curl -k --cert transport.pem --key private.key \
--location -X POST 'https://oba-auth.revolut.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials' \
-d 'scope=accounts' \

Response

The response contains the following JSON object:

{
'access_token':'<access token>',
'token_type':'Bearer',
'expires_in':2399
}

What's next

Use this access token as the authentication bearer for all subsequent requests to the API, as described in the Tutorials section. When your certificate expires, repeat the steps above to create a new one.

Authorization

Each Open Banking API must contain an authorization header in the following format to make a call: Bearer <yourAccessToken>.

Before you start, ensure that you've got an access token with the correct scope using the /token endpoint. You need to get the authorization code first and exchange it for an access token.

danger

Never share your access_token with anyone, as it can be used to access the banking data that you have access to and initiate transactions.

For more information, see Tutorial: Get account and transaction information and Tutorial: Initiate your first payment as examples.

x-jws-signature

Open Banking API Payment requests additionally require a JSON Web Signature (JWS) which needs to be added to the header of the request. The JWS signature must be obtained using the full content of the payload.

Was this page helpful?