2. Prepare your Sandbox environment
Set up the Sandbox environment to test the integration before you push it to the production environment.
Set up sandbox
Generate a CSR
- Open the Sandbox authentication tab in the Developer Portal, and copy the suggested command to generate a Certificate Signing Request (CSR).
- Open a CLI, and paste the
opensslcommand to generate a CSR.
You may also create the CSR using the command below, by providing your own application name:
openssl req -new -newkey rsa:2048 -nodes -out revolut.csr -keyout private.key -subj '/C=GB/ST=/L=/O=<YOUR APP NAME>/OU=001580000103UAvAAM/CN=2kiXQyo0tedjW2somjSgH7' -sha256 -outform der
Configure Sandbox authentication
- On the Sandbox authentication tab, fill in the
Redirect URLs. - Click Upload CSR file, navigate to the CSR you just generated and upload it.
- Click Continue.
The Overview tab of your application in the Developer Portal displays a Client ID you can use in the Sandbox environment.
If you have an OBIE/eIDAS certificate, you can upload the certificate in the Developer Portal and register a production application without any further approval from Revolut. You are returned a client_id that you can use to make requests to our API.
If you are looking to become a Revolut Partner, you must submit a request for your application to be approved via the Developer Portal. On successful approval of your application, you are returned production certificates to be used on our API.
Download sandbox credentials
- Navigate to your application settings in the Developer Portal.
- Click Download sandbox certificates.
- Place the downloaded certificates
signing.derandtransport.derin the directory where you stored your own certificate in Generate CSR.
Convert certificates
You need to convert the signing and transport certificates to *.pem format:
openssl x509 -inform der -in transport.der -out transport.pem
openssl x509 -inform der -in signing.der -out signing.pem
Your certificate directory should now contain these 6 files:
- 1 certificate signing request file in
*.csr - 1 private key file in
*.key - 1 transport certificate in
*.der - 1 transport certificate in
*.pem - 1 signing certificate in
*.der - 1 signing certificate in
*.pem
Add a JWK
A JWK is not required for the Partner API scopes (Draft Payments). If your application only needs access to these scopes, you can skip this step.
To add a JWK, you must generate it, validate it (optional, but recommended), and then set up a JWK endpoint with the URL under which you made it public.
Generate the JWK
- Create a JSON file in a text editor with the following structure:
{
"keys": [
{
"e": "AQAB",
"n": "<your n claim value>",
"kid": "<your KID value>",
"kty": "RSA",
"use": "sig"
}
]
} - Generate the n claim value by running the following command in the directory where you store your certificates:
openssl x509 -noout -modulus -in signing.pem | cut -c 9- | xxd -r -p | base64 | tr '/+' '_-' | tr -d '='
- Paste the generated
n claimvalue in the corresponding JSON key. - Type in a value of your choice for the
kidkey. - Save the JSON file and make it available on an address which can be publicly resolved.
For testing purpose, you may host the JSON content on Pastebin and use a public address such as https://pastebin.com/raw/{your bin}.
Validate your JWK
You can use the following form to check if your JWK is valid. To do that, copy and paste the full contents of your JWK below and click Test.
Set up JWK endpoint
- Navigate to your application settings in the Developer Portal.
- Click the Set up JWKs endpoint widget.
- Type in the address of the JWK in the JWKs URL field.
What's next
You are ready to start requesting user consents and make API calls to our endpoints. For more information, see our tutorials to walk you through the steps for different use cases.
You can also set up the production environment for your application.