Getting Started

Owned by Leatherback, created
Last updated: Jul 04, 2024
3 min read

This section will guide you through the essential steps to integrate your third-party platform with our APIs. Following these steps, you can register as a Third Party Provider (TPP), generate necessary tokens, and establish secure communication with our services.

Register as a Third Party Provider (TPP)

To begin integrating with Leatherback, you must register as a Third Party Provider (TPP). This registration process involves making an API call to our registration endpoint.

API Endpoint: https://api-openbanking.leatherback.co/api/account/registration

Method: POST

Request Headers:

  • Content-Type: application/json

  • signature-certificate: <Set your signature certificate here. This is a password-like text>

Request Body:

{ "countryISO": "GB", "address": "1 Roada Way, Calculta", "name": "Cway Bottle Company", "email": "cway-bottle@finance.co", "certificateType": "account", "callbackUrl": "https://webhook.site/0994061c-ba69-40cb-99a8-94c54e692eab" }

Sample Request:

curl -X POST "https://api-openbanking.leatherback.co/api/account/registration" \ -H "Content-Type: application/json" \ -d '{ "countryISO": "GB", "address": "1 Roada Way, Calculta", "name": "Cway Bottle Company", "email": "cway-bottle@finance.co", "certificateType": "account", "callbackUrl": "https://webhook.site/0994061c-ba69-40cb-99a8-94c54e692eab" }'
{ "Certificate": "Adaobi@", "ClientId": "74EB610C710938923806817AD4631EB3", "Message": "OK" }

Once registered as a TPP, the next step is to generate a client token. This token is necessary for authenticating subsequent API calls.

API Endpoint: https://api-openbanking.leatherback.co/auth/token

Method: POST

Request Headers:

  • Content-Type: application/x-www-form-urlencoded

After generating a client token, the next step is to create client consent. This step involves generating a consentId in our systems so we can tie consent requests to you as a TPP.

In this tutorial, you create a consent for any of the following available permissions:

Permissions

Dependencies

Permissions

Dependencies

ReadAccountsBasic

None

ReadAccountsDetail

None

API Endpoint: https://api-openbanking.leatherback.co/account-access-consents

Method: POST

Request Headers:

  • Content-Type: application/json

  • Authorization: Bearer {access_token}

After you create a consent, you need the user to authorize the consent so that you can access the data on their behalf. To facilitate this, you must create a JWT request parameter.

  1. Prepare the JWT Header:

    • Set the alg (algorithm) to PS256.

    • Insert your key ID (kid) into the header.

  2. Prepare the JWT Body:

    • Set the response_type to code id_token.

    • Insert your client_id which you received during registration.

    • Specify your redirect_uri.

      • This is a page on your platform where the authorized customer will be redirected back to continue the open banking process. The authorization code or token and some other parameters like state will be sent alongside the redirect.

    • Set the scope to accounts.

    • Include the openbanking_intent_id with the value of the generated ConsentId.

  3. Sign the JWT:

    • Sign the JWT using the private key of your signing certificate.

    • Ensure that the signature can be validated using the JWKs endpoint you specified during registration.

 

 Related articles

Leatherback 2024