Yes we do.
If the Third Party is requesting to re-authorise the same list of accounts from the initial authorisation, the PSU (NBS Member) will skip the ‘account selection’ step of the Digital journey and be directed back to the Third Party once they have authenticated in our channel.
We support the authentication exemption, which means that you will be able to set up enduring access to 90 days worth of balances and transactions data via a single authentication of the customer (PSD2 RTS Article 10)
- When authentication is completed, you will be able to access all account information the customer has agreed to share during the initial session (1 hour duration), including up to 15 months of transactions data for Personal Current Accounts, and up to 90 days of transactions data for Credit Cards.
- Subsequent requests for Balance and Transaction data no more than 90 days old will not need to be reauthenticated until the authorisation has expired
- Where requests are made for account information other than Balances or Transactions, or for data more than 90 days old, a reauthentication is required. We will return a 401(Unauthenticated/Unauthorised) HTTP code to inform you where this scenario occurs
A summary of our technical documentation can be found on our Implementation Guide.
Below you can find a table of all future live APIs and their deployment dates.
As well as using our Developer Portal UI to access our Sandbox, you can also call our APIs direct from your application by using the below URL followed by the endpoint information that you wish to call.
The only exception to this is if you are calling our GET /.well-known endpoint where you will need to use the below URL.
If we receive more than four requests for data where the Member is not present from a third party within a 24hr period, we will process requests on the understanding that the third party (AISP) has obtained consent from our Member to request data more frequently.
- In live, we support version 1.1 of the PIS endpoints but these are not available in our Sandbox.
- We also offer AIS version 1.1 and 2 in live but only offer version 3 in the Sandbox.
- Open Data APIs are available to everyone in our production environment hence they are not part of our Sandbox.
- Here in our Sandbox environment, we have provided a number of test accounts covering a multitude of scenarios that can be used to fully test your application. In live, you will be using Member's real data.
- We are providing a simulated Customer Auth UI where authorisations will be consented to, by default, as there is no Member present in this journey.
- To test out expiration of a consent, you will need to wait for the test account’s authorisation to expire.
- To test revocation of a consent, you will need to create an authorisation on a test account and then delete it by calling the DELETE endpoint for that consent. You can then come back and call your chosen test account to cover this scenario.