Skip to main content

Scopes

  • Open Data 🌐
  • Account Information 🔒
  • Payment Initiation 🔒
  • VRP 🔒

Live Environment

Precondition: To connect to live Open Banking entities, whether you are accessing account information or initiating payments, your business must have the right regulatory permissions as per the Open Banking Guide.
  1. Upload your transport and signing certificates (PEMs) created in the Open Banking directory, along with the keys into Yapily’s certificate vault.
  2. Add Santander from the Live tab to your Dashboard application and add your Signing key Id, which can be obtained from the Open Banking Directory.
  3. Select your Open Banking transport and signing certificates from the relevant drop-downs lists then click Next.
  4. Click the ‘download the SSA’ button to download your Software Statement Assertion from the Open Banking Directory. This is the token that the Open Banking UK institutions will use during registration to verify your enrolment and possibly create your application.
  5. Log in to Santander’s developer portal using Open Banking SSO
  6. Create a new production app using the downloaded SSA. Set the appropriate organisation role.
  7. Copy the credentials for this app from the Santander developer portal into the credentials view for Santander in the Yapily dashboard. Add the obtained Client ID as Key and the Client secret as Secret. Click ‘Next’ to save.

VRP Sweeping Access

In order to access the VRP endpoints we have to grant your Yapily application additional scopes. If you do not have these scopes then please contact your customer success manager to get them added.
The following steps are not intended for Yapily Connect customers.
Precondition: To use VRP on santander_uk a manual registration via API is required. Pre-requisites for Manual registration:
  • Valid OBWAC / OBSEAL certificates
  • PIS registration details for santander_uk
You can use existing PIS registration details for this institution to gain VRP sweeping access. The registration details can be found on the Yapily Console for the given application. If a new registration is required (e.g. if you are using a new redirectUri for VRP and it is not covered in the existing registration) then you will have to manage your applications on the institution developer portal. Ensure that the application is subscribed to the latest API version on the institution portal. The existing or new registration credentials from the Yapily Console will be used in the steps below.

Steps Required for Manual registration

  1. Upload the signing (OBSEAL) and transport (OBWAC) certificates if not already present
You can check if the certificate is present already by navigating to the Console -> Certificates. If absent please upload the certificate. Once confirmed, we need the UUID of the certificate which can be found in the Console -> Certificates -> Certificate; the UUID will appear in the browser URL bar as follows: https://console.yapily.com/certificates/<UUID> Save the UUID and remember for which kind of key it corresponds to: e.g. SIGNING_KEY_UUID = d16f87d3-4222-4173-b8b9-44aeccacae7d Once you have done it for the signing key, repeat the process for your transport certificate.
  1. Call the manual registration endpoint
The final step is to call the manual registration endpoint with the certificate UUIDs and credentials from your application created on the portal. The apiTypes field in the example has both types but if the registration in question grants PIS access only then only provide PISP. If a custom redirect URI (not Yapily’s) is used for the registration then you can provide it in the redirectUri field. The clientId field corresponds to the key field on the Yapily Console. The clientSecret corresponds to the secret field on the Yapily Console. Request 
curl --location --request POST 'https://api.yapily.com/institutions/santander_uk/manual/register' \
     --header 'Content-Type: application/json' \
     --header 'Authorization: Basic ...' \
     --data-raw '{
            "signingKeyID": "$SIGNING_KEY_UUID",
            "transportKeyID": "$TRANSPORT_KEY_UUID",
            "clientId": "$CLIENT_ID",
            "clientSecret" : "$OPTIONAL_CLIENT_SECRET",
            "softwareStatementId": "$SSA_ID",
            "organisationId": "$ORGANISATION_ID",
            "apiTypes" : ["AISP", "PISP"],
            "redirectUri" : "<optional-redirect>"
            }'
Response 
{
"id": "a0460a91-4b4c-422a-bbe6-bebe0b92e308"
}
This is the Yapily registration id which can be used to Get, Modify, Delete the registration.

Payments

Bulk Payments

  • Domestic and Scheduled payments are supported
  • Maximum 3500 payments per request
  • For every payment the same payer must be specified
  • Only accepts bulk payments where all creditors are trusted beneficiaries

Support

If you require technical support with certificate management, please contact Support.