To test our Open Banking API, you can use a Sandbox account with our Postman collection. This collection includes a set of custom scripts that let you easily test both account access and payment initiation consents.
If you haven't done so already, please first create an application as described here.
To use this flow, you need credentials for a Sandbox test account. You can find them in the Developer Portal, in your application settings, under the Sandbox tab. Alternatively, you can test the flow with a Sandbox Business account, which you can create here.
Using this Postman collection requires loading private keys onto Postman and the use of third-party libraries. Because of this, for security reasons, it should only be used for Sandbox testing.
First, import the Postman collection into your own Postman account, either by forking it or importing it directly:
After importing the Postman collection, set up the environment variables and load your Sandbox certificate and private key on Postman.
The Postman collection comes with a set of predefined environment variables, which you can update on your own environment:
url
: The base URL of Revolut Sandbox Open Banking API.
auth_url
: The base URL of the authorisation server for obtaining the access token.
jwk_domain
: The domain name where your JWKS is hosted, without https://
.
kid
: The kid
parameter which you set up in your JWKS.
private_key
: The full contents of the private.key
file.
client_id
: The client_id
variable obtained when an application is created via the Developer Portal or by Dynamic Client Registration (DCR).
redirect_uri
: One of the redirect URLs provided when creating the application in the Developer Portal or by DCR.
Some of these variables might not be visible in the requests being made but are required for proper functioning of some automations.
The Open Banking API authorisation server requires client-side certificate to obtain access tokens. Complete the following steps to set up certificates and work with the Open Banking API:
Go to Postman settings.
In the General tab, disable SSL certificate verification.
In the Certificates tab, make sure that the CA certificates option is disabled.
In the Client Certificates section, click Add Certificate.
In the Host field, enter sandbox-oba-auth.revolut.com
and leave the port field empty.
For CRT file, add your transport.pem
certificate.
For KEY file, add your private.key
file generated on initial setup.
Click Add.
The expected final setup in Client Certificates looks like this:
sandbox-oba-auth.revolut.com
/{your_path}/transport.pem
/{your_path}/private.key
Now you can interact with the Open Banking API Sandbox endpoints that require requests to be signed with a key and certificate.