Open Banking Postman Tutorial

SamuelDiethelm · 4 September 2023 11:10

Hi Community!

To all Postman lovers out there we have some fresh Open Banking API updates for you. For those who are not familiar with Postman, it is a fantastic tool for testing APIs with no need to write code. We highly recommend that you have a look at it.

We recently shared some updates covering our public Postman collection but we now have also published tutorials on how to use the collection effectively with our Open Banking APIs.

Open Banking APIs are secure APIs meant for regulated entities. They can be quite challenging to test since you need to compute cryptographic signatures in several steps along the way and add them to the request or to redirection links. This is not natively supported by Postman so we developed some custom automations in the collection which will do this automatically for you.

Head over to the setup instructions and check out the guide on how to get account information or how to initiate a payment .

julienn · 4 December 2023 08:55

Hello,

I’m trying to setup Open Banking in Sandbox by following the Postman tutorial (Revolut Docs).
I forked both the sandbox “Environments” and Open Bankings APIs collection

I’m stuck at step #3 Get an authorisation access token.
The request to POST https://sandbox-oba-auth.revolut.com/token returns me a 400 Bad Request which the following body payload:

{
    "Code": "400 Bad Request",
    "Message": "Invalid request parameters",
    "Id": "<random_id>",
    "Errors": [
        {
            "ErrorCode": "UK.OBIE.Field.Invalid",
            "Message": "Incorrect request token"
        }
    ]
}

I don’t understand why my “request token” can be “invalid”.
I executed the two previous steps successfully and within less than 30 seconds, to be sure nothing is expired.
The code parameter is well generated through the Developer Portal.

Does someone have any hint about this error?

Thanks.

SamuelDiethelm · 4 December 2023 13:40

Hi @julienn , welcome to the community!

Can you confirm that code that you provided in the request is the one you obtained after the redirection to your redirect_uri which happens after completing the consent authorisation in the UI?

Can you please check if after forking the environment you updated the environment variables (private_key, kid, jwk_domain and client_id) with your own as described in set up postman?

Thanks

julienn · 4 December 2023 14:14

Hello @SamuelDiethelm, thank you !

Yes, the code has been retrieved via the URL displayed in Postman console window and after completing the consent authorisation.

I’ve updated (and restart from scratch two times to be sure I did not missed anything) all variables in Postman environments.

Do you have any hint about the error message?

SamuelDiethelm · 11 December 2023 08:54

Hi @julienn
Can you please raise this via email in api-requests@revolut.com and share as much detail as possible? Please include the full request and response of the requests and the full redirect links that you are getting.
Thanks

julienn · 12 December 2023 08:51

Thanks!
I’ve sent an e-mail with a link to a gist with all the information.