OB Security Utils API

OB Security Utils API

This product will contain a single API that will sign the incoming request payload with the Santander JWS signature policy. This is being built in the "intra-core" catalogue in order to facilitate the Confirmation Of Payee outbound calls. Currently this is in testing.

expand_more expand_less Contact information
OpenBanking Security Project
expand_more expand_less License
http://info.contact.url
production
https://openbanking-ma.santander.co.uk/sanuk/external

Endpoint for Open Banking TLS MA only

Santander Internal Release Version: 1.0.15

Paths

/sign-payload

post /sign-payload

This endpoint is used to get the JWS value for the outbound call

clientIdHeader
X-IBM-Client-Id
(apiKey located in header)
clientSecretHeader
X-IBM-Client-Secret
(apiKey located in header)
X-IBM-Client-Id
Required in header
string

Valid client ID header

X-IBM-Client-Secret
Required in header
string

Valid secret in header

Authorization
Required in header
string

Valid JWT

iss
Required in header
string

Issuer(iss) claim string used in the jwt

kid
Optional in header
string

kid (key ID) Header Parameter is a hint indicating which public key was used to secure the JWS.

cryptoKeyName
Optional in header
string

Reference name to crypto key object used to sing the detached payload

alg
Optional in header
string

Cryptographic Algorithm used to create the jwt. default PS256

tan
Optional in header
string

Domain name for Trust Anchor. For OB must be openbanking.org.uk

cty
Optional in header
string

Content type

typ
Optional in header
string

type

Content-Type
Required in header
string

Content Type

request
Optional in body
object

sample payload

samplePayload
Accept
Optional in header
string
application/json
200

200 OK

400

400 Bad Request

401

401 Unauthorized

403

403 Forbidden

404

404 Not Found

500

500 Internal Server Error

503

503 Service Unavailable

Example Request
Example Response
POST https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/sign-payload
Try this operation
https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/sign-payload
content-type
accept
X-IBM-Client-Id
X-IBM-Client-Secret
Authorization
iss
kid
cryptoKeyName
alg
tan
cty
typ

/validatepayloadsignature

post /validatepayloadsignature
clientIdHeader
X-IBM-Client-Id
(apiKey located in header)
clientSecretHeader
X-IBM-Client-Secret
(apiKey located in header)
X-IBM-Client-Id
Required in header
string

Valid client ID header

X-IBM-Client-Secret
Required in header
string

Valid secret in header

x-jws-signature
Required in header
string

jws signature

Content-Type
Required in header
string

Content Type

Authorization
Required in header
string

Valid JWT

request
Optional in body
object

sample pay load

samplePayload
Accept
Optional in header
string
application/json
200

200 OK

400

400 Bad Request

401

401 Unauthorized

403

403 Forbidden

404

404 Not Found

500

500 Internal Server Error

Example Request
Example Response
POST https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/validatepayloadsignature
Try this operation
https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/validatepayloadsignature
content-type
accept
X-IBM-Client-Id
X-IBM-Client-Secret
x-jws-signature
Authorization

/private-key-jwt

post /private-key-jwt
clientIdHeader
X-IBM-Client-Id
(apiKey located in header)
clientSecretHeader
X-IBM-Client-Secret
(apiKey located in header)
Authorization
Required in header
string

Valid JWT

X-IBM-Client-Id
Required in header
string

Valid client ID header

X-IBM-Client-Secret
Required in header
string

Valid secret in header

kid
Optional in header
string

kid (key ID) Header Parameter is a hint indicating which public key was used to secure the JWS.

cryptoKeyName
Optional in header
string

Reference name to crypto key object used to sing the detached payload

Content-Type
Required in header
string

Content Type

request
Optional in body
object
privateKeyJwtRequest
Accept
Optional in header
string
application/json
200

200 OK

400

400 Bad Request

401

401 Unauthorized

403

403 Forbidden

404

404 Not Found

500

500 Internal Server Error

Example Request
Example Response
POST https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/private-key-jwt
Try this operation
https://openbanking-ma.santander.co.uk/sanuk/external/openbanking/security-utils/v1/private-key-jwt
content-type
accept
Authorization
X-IBM-Client-Id
X-IBM-Client-Secret
kid
cryptoKeyName

Definitions 

                    {
    "properties": {
        "iss": {
            "type": "string",
            "description": "Issuer(iss) claim string used in the jwt",
            "example": "8-OZA8bdIUEcWH0oFFZVZGwt"
        },
        "sub": {
            "type": "string",
            "description": "Subject(sub) claim identifying the  principal that is the subject of the JWT",
            "example": "9-IFFZVZGwt0oOZA8bdUEcWH"
        },
        "aud": {
            "type": "string",
            "description": "Audience(aud) claim containing a value that identifies the authorization server as an intended audience",
            "example": "https:\/\/secure1.coutts.com"
        },
        "exp": {
            "type": "integer",
            "description": "Expiration Time (exp) claim that limits the time window during which the JWT can be used",
            "example": 1595582756,
            "format": "int64"
        },
        "nbf": {
            "type": "integer",
            "description": "not before (nbf) claim that identifies the time before which the token MUST NOT be accepted for processing",
            "example": 234234234,
            "format": "int64"
        },
        "iat": {
            "type": "integer",
            "description": "not before (nbf) claim that identifies the time before which the token MUST NOT be accepted for processing",
            "example": 1595499626,
            "format": "int64"
        },
        "jti": {
            "type": "string",
            "description": "JWT ID(jti) claim that provides a unique identifier for the token",
            "example": "234234"
        }
    },
    "additionalProperties": false
}
              
                    {
    "properties": {
        "AanyKey": {
            "type": "string",
            "description": "any json key value",
            "example": "any value"
        }
    },
    "additionalProperties": false
}