The Ozone Sandbox includes the following features:
Account & Transaction API
Full implementation of the UK Open Banking Account and Transaction API specification v3.1, including:
- Account access consent authorization flow.
- All v3.1 end-points implemented: account-access-consents, accounts, transactions, balances, direct-debits, standing-orders, beneficiaries, products, offers, party, scheduled-payments and statements.
- Support for all Open Banking releases to date: Version 1.1, Version 2.0, Version 3.0 and Version 3.1.
- Support for consent revocation through ASPSP and through TPP.
Payment Initiation API
Full implementation of the UK Open Banking Payment Initiation API specification v3.1, including:
- Support for all payment types: domestic payments, domestic scheduled payments, standing orders, international payments, international scheduled payments, international standing orders and file payments.
- Consent authorisation flows for all payment types.
- Addresses all variations in payment requests (e.g. with or without debtor specified, with or without multi-auth block).
- Configurable limit validations (overdraft, daily limit, transaction limit).
- Support for confirmation of funds for PISPs end-points.
- Support for testing of multi-auth flows.
- Support for all Open Banking releases to date: Version 1.1, Version 3.0 and Version 3.1.
Confirmation of Funds API
Full implementation of the UK Open Banking Confirmation of Funds v3.1 specification including:
- Support for all end-points.
- Consent authorisation flows for CBPII.
- Support for all Open Banking releases to date: Version 3.0 and Version 3.1.
Full implementation of the Open Banking Security Profile – Implementers’ Draft v1.1.1 and Financial-grade API – Part 2: Read and Write API Security Profile draft-06 including:
- Configured to accept only FAPI approved TLS versions and ciphers.
- TLS 1.2 MA on resource end-points and token and Dynamic Client Registration end-points using OB MIT or self-signed certificates.
- TLS 1.2 using AWS issued certificates on authorization and discover end-points.
- Support for PS256 and RS256 for signing certs or signing keys.
- All standard client authentication mechanisms supported (client_secret_basic, client_secret_post, client_secret_jwt,private_key_jwt).
- Support for using OB issued certificates (legacy, OB-WACS, OB-SEALS) or self-signed certificates.
- Provides multiple methods for client-onboarding to suit the licensee’s operations.
- TPP developers can “self-serve” and register with the Ozone platform using their social login credentials (e.g. Google, LinkedIN, Github).
- TPPs that have been onboarded by a trust anchor’s test facility (such as the Open Banking Directory Sandbox) can register with the Ozone platform using Dynamic Client Registration APIs.
- Support for Dynamic Client Registration Version 3.1 and Version 1.0.
- TPPs can be registered and be provided with customised access using the Ozone Administration GUI.
Out of the box sample data for each PSD2 in-scope account type in GBP and Euros:
- Updates in real-time as payments are made.
- Additional data can be imported via UI.
- Includes a Postman collection and configured environments – setup a working profile in under five minutes.
- Detailed logging for each API call that can be easily accessed by developers.
- Step-by-step guide for generating SSAs for dynamic client registration.
- Step-by-step guide for generating consent-authorization URLs and signed request objects.
- Ability to configure ‘permissive’ or ‘strict’ instances of banks. Permissive instances bypass the security profile and can be used to simplify the TPP learning curve and to focus hackathons on functional aspects.