Skip to main content

Open Banking API

The Cyrexa Open Banking API is the gateway for third-party providers to interact with Cyrexa clients and products. Clients can use the Open Banking API to develop banking applications, whether they are:
  • Regulated third-party providers that want to get account and transaction information of Cyrexa clients and initiate different types of payments.
  • Innovative service providers looking to integrate Cyrexa functions into their applications seamlessly.
The Open Banking API can be tested in Postman:

Authentication

Get Access token

Headers

Content-Type: application/x-www-form-urlencoded

Parameters

  • grant_type: Must be set to client_credentials to get the access token.
  • scope: Must be set to accounts.

Example

When using a self-signed certificate or a certificate not known by standard Certificate authorities, the -k or —insecure cURL option should be used. 
curl --request POST \
  --url https://gateway.cyrexa.com/open-banking/2.0.0/aisp/authorization/token \
  --header 'Content-Type: application/json' \
  -d 'grant_type=client_credentials' \
  -d 'scope=accounts' \
  --data '{
  "consumerKey": "<string>",
  "scope"="accounts",
  "grant_type"="client_credentials"
}'

Response

The response contains the following JSON object: 
{
  'access_token':'<access token>',
  'token_type':'Bearer',
  'expires_in':2399
}
What’s Next This access token serves to authenticate the bearer for all subsequent requests to the API. It can be refreshed before it expires.

Authorization

Each Open Banking API must contain an authorization header in the following format to make a call: Bearer <yourAccessToken> Before starting, users must ensure they have an access token with the proper scope using the /token endpoint. An authorisation code must be obtained so it can be exchanged for an access token.

x-jws-signature

Open Banking API Payment requests additionally require a JSON Web Signature (JWS). The signature needs to be added to the header of the request. The JWS must be obtained using the full content of the payload.
I