write-my-email       
      
         

Frequently Asked Questions


divi          

What is Open Banking? 

         
            

Open Banking is a reform, called for by the Competitions & Market Authority (CMA), which mandates Neoleap and the eight other largest current account providers (CMA9) to securely share customer account data and initiate payments with registered third party providers (TPPs) provided the customer has given their consent. Please find more information at openbanking

         
                     divi

What are our Open Banking APIs? 

                    
            

•Account Access consents:This Product is intended to describe the APIs required for inquiring and managing account access consents information.
•Accounts:This Product is intended to describe the APIs required for inquiring about accounts information
•Balances:This Product is intended to describe the APIs required for inquiring about account's balances information.
•Transactions:This Product is intended to describe the APIs required for inquiring about account's transactions information.

         
                     divi

What are the roles a TPP can perform?  

                    
            

A TPP, Third Party Provider, can perform the following roles once they are registered with their National Competent Authority (NCA): Account Information Service Provider (AISP) Payment Initiation Service Provider (PISP) Technical Service Provider (TSP) Card Based Payment Instrument Issuer (CBPII)

         
                     divi

Am I automatically opted in to open banking ?

                    
            

No. You’ll only use open banking if you give your explicit consent to a regulated app or website. It’s always your choice.

         
          divi

Can I use open banking if I don’t use online banking?

         
            

No. To use open banking you need online or mobile banking for your payment account.

         
                     divi

What types of account can be used for open banking?

         
            

You can use open banking for payment accounts that you access online or by mobile, such as personal and business current accounts, credit cards and online e-money accounts.

         
divi

What type of balances are returned in the balance endpoint?

                    
            

The mapping between NEM and balances microservice is the following: For Current Account CurrentBalance will be translated to InterimBooked AvailableBalance will be translated to InterimAvailable For Credit Cards CurrentBalance will be translated to ClosingAvailable AvailableBalance will be translated to InterimAvailable

         
          divi

How can I access Implemetation Guidelines for the APIs? 

                    
            

As a TPP, in order to access our Implementation Guidelines for APIs, you need to be enrolled with Open Banking (Enrolling Onto Open Banking Guide Api Guide and registered with SAMA.

         
          divi

As a TPP, is there somewhere I can test prototype Open Banking Solutions? 

                    
            

Yes, Neoleap have a test facility sandbox available through our Developer Portal,Check out our getting started for a step by step guide on how to start testing with our Sandbox APIs.

         
          divi

What is the URL for Open Banking OpenID Connect Endpoint?  

                    
            

click here

         
          divi

Do you have some Personal & Business Current Accounts test accounts available for testing?  

                    
            

We do not yet have test accounts available for testing with our Live APIs.In Sandbox, however, we will have a set of test scenarios for production-like testing.

         
          divi

How do I on-board to the Neoleap Developer Portal? 

                    
            

For help on how to on-board to the Neoleap Developer Portal check out Client Registration

         
          divi

I am getting an SSL Handshake Error when trying to invoke /token or resource endpoints. 

                    
            

Check that you are using the correct certificate signed by Client private key to establish the TLS MA connection

         
          divi

I am getting a 401 unauthorized response when invoking /token endpoints  

                    
            

• Make sure you have registered your TPP Application in Neoleap Developer Portal and the subscript to one of Our product plans and the subscription plan status is active.
• Make sure you are following client_secret_post for the OIDC calls
• Make sure you are sending client_id & client_secret as part of x-www-form-urlencoded body parameter

         
          divi

Do you support CIBA (client initiated back-channel authentication)?

                    
            

We currently do not offer this functionality, but are looking to include it in the future.

         
          divi

Which signing algorithm can I use?

                    
            

we will only accept requests signed with the PS256 signing algorithm in both the live and Sandbox services.Our payloads and ID Tokens will be signed using PS256.

         
          divi

Am I automatically opted in to open banking ?

                    
            

No. You’ll only use open banking if you give your explicit consent to a regulated app or website. It’s always your choice.

         
          divi

How do I deregister one of my apps or delete my account from the Developer Portal?

                    
            

You can deregister an app, or your entire account, by getting in touch with our team through our Support page. We'll let you know once we've done it.

         
          divi

What do the following exception codes relate to?

                    
            

APIs for version 3 now return granular error codes. All previous APIs return standard HTTP codes. The HTTP codes used within Nationwide Open Banking APIs are:
•400 (Bad Request)
•401 (Unauthenticated/Unauthorised)
•404 (Not Found)
•403 (Forbidden)
•429 (Too Many Requests)
•500 (Internal Server Error)
•503 (Services unavailable or too busy)
For more details, refer to the detailed API specifications available on the central industry Open Banking website.

         
          divi

How can I get a summary of your technical documentation, including future APIs?

                    
            

A summary of our technical documentation can be found on Api Guide .the Future APIs Can be found here Future plans .

         
          divi

How do I control who has access to my information?

                    
            

There are two ways to stop giving access to your data:
•Go to the regulated app or website, and withdraw your consent directly with them
• Contact your bank or building society to let them know you no longer want the regulated app or website to have access to your information

         
          divi

How do I know open banking is safe?

                    
            

Open banking has been designed with security at its heart – here’s how: Bank-level security – open banking uses rigorously tested software and security systems. You’ll never be asked to give access to your bank login details or password to anyone other than your own bank or building society. It’s regulated – only apps and websites regulated by the FCA or European equivalent can enrol in the open banking Directory. You’re in charge – you choose when, and for how long, you give access to your data. Extra protection – your bank or building society will pay your money back if fraudulent payments are made. You’re also protected by data protection laws and the Financial Ombudsman Service