# Set up Postman To test our Open Banking API, you can use a Sandbox account with our Postman collection. This collection includes a set of custom scripts that let you easily test both account access and payment initiation consents. If you haven't done so already, please first create an application as described [here](/docs/guides/build-banking-apps/get-started/register-your-application-in-the-developer-portal). :::note To use this flow, you need credentials for a Sandbox test account. You can find them in the [Developer Portal](https://developer.revolut.com/portal/applications), in your application settings, under the **Sandbox** tab. Alternatively, you can test the flow with a Sandbox Business account, which you can create [here](https://sandbox-business.revolut.com/signup). ::: :::warning Using this Postman collection requires loading private keys onto Postman and the use of third-party libraries. Because of this, for security reasons, it should only be used for Sandbox testing. ::: ## Import the Postman collection 1. First, import the Postman collection into your own Postman account, either by forking it or importing it directly: [![View in Postman](https://run.pstmn.io/button.svg)](https://www.postman.com/revolut-api/workspace/revolut-developers/collection/23216751-3200d0c6-6d6a-4f94-b4ad-5ca1d37b39eb) 2. After importing the Postman collection, set up the environment variables and load your Sandbox certificate and private key on Postman. The Postman collection comes with a set of predefined environment variables, which you can update on your own environment: ![Postman open banking api environmnent variables](/img/build-banking-apps/tutorials/test-with-postman/postman-ob-environment-variables.png) - `url`: The base URL of Revolut Sandbox Open Banking API. - `auth_url`: The base URL of the authorisation server for obtaining the access token. - `jwk_domain`: The domain name where your [JWKS](/docs/guides/build-banking-apps/register-your-application-using-dcr/get-the-jwks-url) is hosted, without `https://`. - `kid`: The `kid` parameter which you set up in your [JWKS](/docs/guides/build-banking-apps/register-your-application-using-dcr/get-the-jwks-url). - `private_key`: The full contents of the `private.key` file. - `client_id`: The `client_id` variable obtained when an application is created [via the Developer Portal](/docs/guides/build-banking-apps/get-started/register-your-application-in-the-developer-portal) or by [Dynamic Client Registration (DCR)](/docs/guides/build-banking-apps/register-your-application-using-dcr/). - `redirect_uri`: One of the redirect URLs provided when [creating the application in the Developer Portal](/docs/guides/build-banking-apps/get-started/register-your-application-in-the-developer-portal) or [by DCR](/docs/guides/build-banking-apps/register-your-application-using-dcr/). :::note Some of these variables might not be visible in the requests being made but are required for proper functioning of some automations. ::: ## Add certificates The Open Banking API authorisation server requires client-side certificate to obtain access tokens. Complete the following steps to set up certificates and work with the Open Banking API: 1. Go to Postman settings. 2. In the **General** tab, disable SSL certificate verification. ![Postman settings - SSL verification is off](/img/build-banking-apps/tutorials/test-with-postman/postman-ob-ssl-verification-off.png) 3. In the **Certificates** tab, make sure that the **CA certificates** option is disabled. 4. In the **Client Certificates** section, click **Add Certificate**. ![Postman settings - Add certificate](/img/build-banking-apps/tutorials/test-with-postman/postman-ob-add-certificate.png) 5. In the **Host** field, enter `sandbox-oba-auth.revolut.com` and leave the port field empty. 6. For **CRT file**, add your `transport.pem` certificate. 7. For **KEY file**, add your `private.key` file generated on [initial setup](#import-the-postman-collection). 8. Click **Add**. :::note [Expected result] The expected final setup in **Client Certificates** looks like this: - **Host**: `sandbox-oba-auth.revolut.com` - **CRT file**: `/{your_path}/transport.pem` - **KEY file**: `/{your_path}/private.key` ![Postman settings - Client Certificates](/img/build-banking-apps/tutorials/test-with-postman/postman-ob-certificates.png) ::: Now you can interact with the Open Banking API Sandbox endpoints that require requests to be signed with a key and certificate.