The steps below provide you with the information required in order to get you to started and integrating our account services into your applications.
In order to interact in the live Open Banking ecosystem in the UK all participants, whether AISPs or ASPSPs, are required to be authorised by the FCA. To find out more please click on the following link: https://www.fca.org.uk/firms/authorisation
In order to interact in the live Open Banking ecosystem in the UK all participants, whether AISPs or ASPSPs, are required to be registered with the OB directory. To find out more please click on the following link: https://directory.openbanking.org.uk/s/login/
Download your SSA from the OB Directory
So that they can consume our APIs (step 5) TPPs need to onboard with Allstar. In order to onboard with Allstar a TPP is required to have completed steps 1 through to 3 above. [Step 1: FCA, Step 2: OB enrolment, Step 3: Software Statement, key generation and SSA] We recommend you read the documentation for Our APIs before going live to understand our service offering.
We offer both Sandbox and Production connectivity for the following steps.
Once you have downloaded your Software Statement Assertion (SSA) from the Open Banking directory you can generate your TPP registration request JWT. The request will contain the SSA downloaded in step 3 and other claims. The claims on the JWT will vary based upon the needs and configuration for each TPP. For further information regarding generating the request JWT and JWT examples please refer to the JWT standards. Your request must conform to the Open Banking standards for registration so please refer to the OIDC dynamic client registration standard for details about the claims to populate and include. We will only accept SSAs that are issued from the OBIE directory. Also please note that we only accept requests that are of the type scope: accounts and the software role should include AISP.
Now you have generated your registration request JWT you need to send it to our registration endpoint which can be found here: Sandbox: https://oauthuat.allstarcard.co.uk/.well-known/openid-configuration/ Production: https://oauth.allstaronline.co.uk/.well-known/openid-configuration/
Our registration endpoint utilises MATLS as its protection.
Now you have completed the on boarding process with us you are all ready to go live with our Read/Write API!
The first step in accessing our APIs is authentication and all our APIs support Redirect OAuth2 authentication. You are required to first gain an access token from us, then using the access token you will POST Consent using our advertised endpoints and the user shall select the Accounts they wish to consent access to. Once Consent has been granted the Account endpoint can be called by your app to pull back the account details for the PSU.
For further information on using our APIs please have a look at Our API page.