# Get a client ID

Finally, register your application. 

When you have a valid JWT, you can use the `/register` endpoint to dynamically register your application.
From the response, you can obtain your `client_id` that you can use to make requests to the [Open Banking API](/docs/api/open-banking).

The `/register` endpoint is implemented as per the [Open Banking: Dynamic Client Registration - v3.1](https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937066600/Dynamic+Client+Registration+-+v3.1#DynamicClientRegistration-v3.1-POST/register) specification.

:::warning
If you get certificate errors when using `curl` with Sandbox, it usually means your system [doesn't trust our certificate issuer](/docs/guides/build-banking-apps/get-started/get-access-token#certificates). The recommended approach is to add the certificate to your trusted store.

As a quick workaround, you can use the `-k` (or `--insecure`) option to skip certificate checks. **Be aware this disables all SSL verification, which can hide issues like expired or mismatched certificates and leaves you vulnerable to man-in-the-middle attacks**. For these reasons, avoid using `-k` in production or as a permanent solution.
:::

## Request

- ```shell [Production]
  curl -X POST https://oba-auth.revolut.com/register \
       --cert transport.pem --key private.key \
       --header 'Content-Type: application/jwt' \
       --data-raw '<insert JWT>'
  ```

- ```shell [Sandbox]
  curl -X POST https://sandbox-oba-auth.revolut.com/register \
       --cert transport.pem --key private.key \
       --header 'Content-Type: application/jwt' \
       --data-raw '<insert JWT>'
  ```

## Response

The response contains a JSON object with the details of your newly created application:

| JWT payload                    | Type               | Description                                                                                                                                           |
| ------------------------------ | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
| `iss`                          | string             | The principal that issued the JWT.                                                                                                                    |
| `iat`                          | numeric            | The time the JWT was issued, which is used to determine the age of the JWT. Provided in seconds in Unix timestamp format.                             |
| `exp`                          | numeric            | The expiration time starting from which the JWT must not be accepted for processing. Provided in seconds in Unix timestamp format.                    |
| `application_type`             | string             | The application type.                                                                                                                                 |
| `client_id`                    | string             | The Client ID of your application.                                                                                                                    |
| `token_endpoint_auth_method`   | string             | The authorization method for the `/token` endpoint. Currently, only `tls_client_auth` is supported.                                                   |
| `tls_client_auth_dn`           | string             | The distinguished name (DN) of the transport certificate.                                                                                             |
| `software_statement`           | string             | The software statement assertion (SSA) in JWT format.                                                                                                 |
| `id_token_signed_response_alg` | string             | The signing algorithm used to sign the `id_token` JWTs. Currently, only `PS256` is supported.                                                         |
| `request_object_signing_alg`   | string             | The signing algorithm used to sign request objects. Currently, only `PS256` is supported.                                                             |
| `redirect_uris`                | array of strings   | The list of allowed redirect URIs.                                                                                                                    |
| `org_jwks_endpoint`            | string             | Your JWKs endpoint.                                                                                                                                   |
| `grant_types`                  | array of strings   | List of supported grant types.                                                                                                                        |
| `scope`                        | **string**         | The list of granted scopes, **separated by spaces**. The supported scopes are `openid` (required), `accounts`, `payments` and `fundsconfirmations`.   |

#### Example

```json
{
    "iss": "example.com",
    "iat": 1591352490,
    "exp": 1899796254,
    "application_type": "web",
    "client_id": "<your client_id>",
    "token_endpoint_auth_method": "tls_client_auth",
    "tls_client_auth_dn": "<your transport certificte DN>",
    "software_statement": "<your software statement>",
    "id_token_signed_response_alg": "PS256",
    "request_object_signing_alg": "PS256",
    "redirect_uris": [
        "https://example.com/my_callback_url"
    ],
    "org_jwks_endpoint": "https://example.com/jwks",
    "grant_types": [],
    "scope": "openid accounts payments"
}
```

**What's next**

You are ready to start requesting user consents and make API calls to our endpoints.
For more information, see our [tutorials](/docs/guides/build-banking-apps/tutorials/get-account-and-transaction-information), which will walk you through the steps for different use cases.