In order to onboard to Salt Bank’s Open Banking API platform, you should email the Salt Bank team at mailto:openbanking@salt.bank providing the following information on your TPP proposition in your message:
Environment (Sandbox and/or Production): Specify whether you would like access to the Sandbox environment for testing, the Production environment for live transactions, or both.
Organisation Name: Provide the registered legal name of your organization, exactly as it appears under your PSD2 license with your national competent authority
Copy of eIDAS QWAC Certificate and Chain: Attach your Qualified Website Authentication Certificate (QWAC) issued under the eIDAS regulation, along with the full certificate chain. This is required to verify your identity and establish secure connections.
JWKS URL: Share the URL to your JSON Web Key Set (JWKS) endpoint. This is used to validate the signatures of the tokens issued by your systems.
Roles (AIS, PIS, CBPII): Indicate which regulatory roles your organization is authorized for. These include:
AIS: Account Information Service
PIS: Payment Initiation Service
CBPII: Card-Based Payment Instrument Issuer
Redirect URI(s): Provide one or more redirect URIs that Salt Bank should use during OAuth2/OpenID Connect flows. These must exactly match those registered in your systems.
Client (TPP) side SSL verification is required to avoid MITM attacks and to also validate the provided eIDAS certificate and licence status of TPP. Enrollment of licensed TPP is fully automatic and does not require additional processing or approval. Each manual enrollment request will check the following:
Client Certificate date validity
Client Certificate Revocation Status
Check of Client Certificate for mandatory PSD2 eIDAS fields (organizationIdentifier and QCStatement)
Check of Client Certificate Issuer
Check of TPP licence (status, country, scopes)
Once TPP enrollment is successfully completed, Salt Bank will issue a JSON file known as the Client Profile. This file can be used as a Postman environment configuration.
The Client Profile contains all the necessary information to onboard to the appropriate environment. It can be:
Imported directly into Postman to facilitate API testing, or
Used to manually extract relevant connectivity details.
For Sandbox implementation, we also provide guidance on how to use Postman to test the Open Banking interface effectively.