Introduction

Welcome to the OneLinQ API portal. Your starting point for making great apps! It allows you to consume Open Banking or PSD2 functionality from many banks in Europe via one unified API interface. Our API portal offers an easy and secure way to try out our platform and gives a preview of upcoming functionality. It allows developers to get familiar with our APIs, therefore we have put a lot of effort in our documentation and made all the endpoints available in a sandbox environment for easy testing.

In this portal we have published several Open Banking and PSD2 API standards that are available today. Select the standard you prefer, choose the destination bank and start testing.

Supported Countries

Country

Connectivity Status

AustriaSandbox and Production
BelgiumSandbox and Production
BulgariaSandbox and Production
CroatiaSandbox and Production
CyprusSandbox
Czech RepublicSandbox and Production
DenmarkSandbox
EstoniaSandbox and Production
FinlandSandbox
FranceSandbox and Production
GermanySandbox and Production
GreeceSandbox and Production
HungarySandbox
IrelandSandbox and Production
ItalySandbox and Production
LatviaSandbox and Production
LiechtensteinSandbox

Lithuania

Sandbox and Production
LuxembourgSandbox and Production
MaltaSandbox
NetherlandsSandbox and Production
NorwaySandbox and Production
PolandSandbox and Production
PortugalSandbox and Production
RomaniaSandbox and Production
SlovakiaSandbox and Production
SloveniaSandbox and Production
SpainSandbox and Production
SwedenSandbox and Production
United KingdomSandbox and Production

We are constantly adding new banks as they are available. Please provide your interest in specific banks and countries and developer URLs provided by these banks here.

Remark: The OneLinQ API portal is in Beta mode. We are currently allowing access to only to the public sandbox and/or development environments provided by the banks.

Supported Destination API standard

Bank Format

Version

ABN Amro1.0
Czech1.1
Czech3.1
OBWG3.1.X
Polish2.1
Slovakia2.0
Starling2.0
STET1.4.X
The Berlin Group NextGenPSD21.1, 1.2, 1.3.x

What are Open Banking API’s?

Mainly driven by the Payment Service Directive 2 (PSD2) many banks have published open API’s that enable third party developers to build applications and services around the financial institution. The majority of these API’s support Account Information Services (AIS) and Payment Initiation Services (PIS). This means that you can get the account balance or a list of transactions of a bank account, in the meantime it also allows you to create a payment that will be executed by the bank after authorization. In all cases user’s consent is required and the requests sent to the bank must be authorized by the user using the credentials issued by the bank.

For Account Information Services it is possible to get an authorization (i.e. token) that lasts up-to 90 days. This allows you to get balance and transaction information for the bank accounts that where part of this authorization, until the token expires.

OneLinQ API

In this API portal we have also published the OneLinQ API. We recommend this API as it will give you the best experience. The OneLinQ API implementation is a RESTful service and the requests and responses produced by the OneLinQ API are in JavaScript Object Notation, JSON format. The OneLinQ API come in two versions: basic and full. In the basic variant we have reduced the number of mandatory fields by enabling intelligent enrichments on our platform. You only need to provide the most relevant elements for making a payment or getting a list of transactions. We have tried to make it as easy as possible. For newcomers into Open Banking or PSD2 this will give the best experience.

The full variant of the OneLinQ API gives you maximum control. All the elements, whether mandatory or not, are available. As the basic variant is fully compatible with the full version you can always choose to switch to the full version later.

Sign-up

In order to start consuming our API’s you need to sign-up. This is very easy and only a few steps are required. Click on the sign up button that is available on top of every page. This will open the sign-up form where you are asked to provide some basic details like company name, e-mail address and username.

Register Application

To invoke our APIs, you have to register an application in the portal. This application enables you to keep track of application-specific credentials that are issued in the Register Application step. Furthermore, it shows all API’s that are used by your application. The registration can be done separately or will automatically start when you subscribe to an API without having an application created yet. An overview of all your registered applications can be obtained anytime from the user account menu, which is available to users that have signed-up.

Select API and subscribe

When you have created an account, you are able to view the endpoints of the APIs that are published on the portal. Select the API you want to test or implement and subscribe to one of the available plans.You can choose one of the plan from the product you have subscribed.There are two types of plans available namely Silver and Gold with each having different rate limts.

Go to the Product section on this page for more details of all the different product we offer.The detail about the different plans offered can be found by click on the required product.

Authentication

To use any of the API’s that are published in this portal, you first need to authenticate your application and retrieve an access token. The type of access token dependents on the bank you connect to, however in most cases it will be handled via the OAuth2 authorization protocol.

Most of the OneLinQ product APIs requires client id, client secret, and OAuth2 access token to be sent in the API request header X-IBM-Client-Id, X-IBM-Client-Secret and Authorisation respectively. In some cases client id needs to be sent as query parameter client_id.

Only TPPs / Fintechs with valid client id & client secret will be able to consume the APIs. Client id & secret can be generated by creating an application on the API Portal.

OneLinQ currently has implemented the OAuth2 grant types:

  • Client credentials grant
  • Authorization code grant

Client Credentials

For accessing OneLinQ product APIs that don't need the authorization of a TPP/Fintech customer, OAuth2 client credentials grant flow needs to be used. This flow is sometimes called "two legged OAuth2" or "server-to-server".

Endpoints which needs to be used to generate the client credentials access token -

/token – Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Client credential access token

POST https://sandbox-api.onelinq.io/advanced/v1.0/token

Request:

POST /advanced/v1.0/token
content-type: application/x-www-form-urlencoded
x-ibm-client-id:
x-ibm-client-secret:
accept: */*
accept-encoding: gzip, deflate
grant_type=client_credentials&bank_name=MDLOGBXX&scope=accounts

Response:

HTTP/1.1 200
status: 200
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 86309829
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: POST
content-encoding: gzip
{
"access_token":"e3572a7a-2588-43fd-ac64-f07b6c55459b",
"token_type":"Bearer"
}

Authorization code

Some of the OneLinQ product APIs requires authorization from the customer. In this case you will use the OAuth2 Authorization code grant flow, which will provide your application with specific access for getting the customer data approved by the customer. This flow is sometimes called "three legged OAuth2".

Endpoints which needs to be used to generate the authorization code access token -

/authorize - Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Authorize

GET https://sandbox-api.onelinq.io/advanced/v1.0/authorize?client_id=&state=8c27ffc7-586d-4048-8c41-e50f26ad2adf&redirect_uri=http://localhost:8080/callback&bank_name=MDLOGBXX&user_id=j&request=eyJhbGciOiJIUzI1NiJ9.eyJyZXF1ZXN0X2lkIjoiNjA2ZWExZTgtNWU1Mi00NDRhLTkyYTctNjBlODk5YzljZGI1IiwiaXNzIjoiNTFiMjhmYzYtYjE3NS00NThhLThlZDktYmQzMTE4MDliYmExIiwiYXVkIjoicGVsaWNhbi5jby51ayJ9.xgHRTJHu6VFAMbP-JGLxrnH-gCRloD5-mb_T89IEiPE&scope=accounts

Request:

GET /advanced/v1.0/authorize
accept: */*
accept-encoding: gzip, deflate

Response:

HTTP/1.1 302
status: 302
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 103022193
cache-control: private
location: https://modelobankauth.o3bank.co.uk:4601/auth?client_id=&state=620fa7dd-c97d-40c1-a9ca-6c43f7a12827&redirect_uri=https://api.eu.apiconnect.ibmcloud.com/pelican-uk-pelican/sb/psd2/auth/callback&response_type=code&nonce=f0097e98-622b-40f4-8d38-661a704726fb&request=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwczovL21vZGVsb2JhbmthdXRoLm8zYmFuay5jby51azo0NjAxIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsib3BlbmJhbmtpbmdfaW50ZW50X2lkIjp7InZhbHVlIj oiNjA2ZWExZTgtNWU1Mi00NDRhLTkyYTctNjBlODk5YzljZGI1IiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiI1ZDEwNjQzMi00YTMyLTQ4YzQtODA4Zi0wZjZkN2Q5NmU5NTgiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYXBpLmV1LmFwaWNvbm5lY3QuaWJtY2xvdWQuY29tL3BlbGljYW4tdWstcGVsaWNhbi9zYi9wc2QyL2F1dGgvY2FsbGJhY2siLCJjbGllbnRfaWQiOiI1ZDEwNjQzMi00YTMyLTQ4YzQtODA4Zi0wZjZkN2Q5NmU5NTgifQ.BoReyQh5-WfjEBrP2GfAFhnH99Z1BiUfWBEduBrGrm0&scope=openid accounts
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
{
"redirectUrl":"https://modelobankauth.o3bank.co.uk:4601/auth?client_id=&state=620fa7dd-c97d-40 c1-a9ca-6c43f7a12827&redirect_uri=https://api.eu.apiconnect.ibmcloud.com/pelican-uk-pelican/sb/psd2/auth/callback&response_type=code&nonce=f0097e98-622b-40f4-8d38-661a704726fb&request=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwczovL21vZGVsb2JhbmthdXRoLm8zYmFuay5jby51azo0NjAxIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsib3BlbmJhbmtpbmdfaW50ZW50X2lkIjp7InZhbHVlIjoiNjA2ZWExZTgtNWU1Mi00NDRhLTkyYTctNjBlODk5YzljZGI1IiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiI1ZDEwNjQzMi00YTMyLTQ4YzQtODA4Zi0wZjZkN2Q5NmU5NTgiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYXBpLmV1LmFwaWNvbm5lY3QuaWJtY2xvdWQuY29tL3BlbGljYW4tdWstcGVsaWNhbi9zYi9wc2QyL2F1dGgvY2FsbGJhY2siLCJjbGllbnRfaWQiOiI1ZDEwNjQzMi00YTMyLTQ4YzQtODA4Zi0wZjZkN2Q5NmU5NTgifQ.BoReyQh5-WfjEBrP2GfAFhnH99Z1BiUfWBEduBrGrm0&scope=openid accounts"
}

/token – Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Authorize code access token

POST https://sandbox-api.onelinq.io/advanced/v1.0/token

Request:

POST /advanced/v1.0/token
content-type: application/x-www-form-urlencoded
x-ibm-client-id:
x-ibm-client-secret:
accept: */*
accept-encoding: gzip, deflate
grant_type=authorization_code&bank_name=MDLOGBXX&code=0e3f341a-7944-4c0d-8065-440fc830a256&redirect_uri=http://localhost:8080/callback

Response:

HTTP/1.1 200
status: 200
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 86352661
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: POST
content-encoding: gzip
{
"access_token":"29960742-b3e4-4c7c-9cab-477c45bff80a",
"token_type":"Bearer"
}

Support

Are you facing issues or challenges, please visit our support page where we have published some frequently asked questions that could be helpful. This FAQ will be regularly updated, based on your feedback.

If you have signed-up you can also create a support ticket on the same page. We aim to get back as soon as possible to your query or request.

Feedback

We really value your feedback. If you have suggestions or questions, please get in touch with us via this contact form.

Supported source API standard

API Standard

Version

Advanced1.0
OBWG3.1.3
The Berlin Group NextGenPSD21.3.6
STET1.3-Beta