https://auth1.openbanking.zopa.com/.well-known/openid-configurationhttps://auth1.openbanking.zopa.com/zopa://consent-access-request?client_id={{ the client ID }}&response_type=code&scope=openid%20accounts&request={{the JWT token}}We do not currently support Dynamic Client Registration.
Please contact our Open Banking support team to be onboarded.
Contact email: openbanking-support@zopa.com
We will also retain your contact details so that you can be informed in the event of any outages or changes to our API specification, as well as to contact you regarding any technical issues. We recommend using a team email address over an individual contact.
As defined further in the Zopa Open Banking API Specification
PS256code id_tokenPS256PS256private_key_jwt, tls_client_authFor private_key_jwt - the
audclaim is the url of the token endpoint as specified in OIDC client authentication.
The request object used in OIDC flows the aud claim is the issuer url from the Zopa ASPSP .wellknown endpoint:
https://auth1.openbanking.zopa.com/.well-known/openid-configuration
Note: Our Sandbox API also offers less strict profiles to assist with integration testing. See below for more details.
We support the use of OBWAC and OBSeal on our production and sandbox environments. TPPs can use their QWACs and QSeals to onboard to the OBL directory and generate these certificates.
We support the use of QWACs, but this is not our recommended approach. TPPs facing issues onboarding with QWACs should contact our support desk. Please attach a pem file of the certificate to your support ticket.
We support the use of QSeals that have been attached to your software statement in the OB Directory.
Our refresh tokens last one year, after this TPPs will need to generate a new consent in order to get a new refresh token.