Intro

In my previous post I explained what the Open Bank Project is. In this one I want to share more technical details. The Open Bank Project currently supports only the OAuth v1.0 protocol (TESOBE is considering support for OAuth v2.0). If you are not familiar with the OAuth v1.0 protocol, you can find its specification here. Here are three steps explaining how to integrate your application with the Open Bank Project API.

Step 1 – Create an Open Bank Project sandbox for testing

On the Open Bank Project website you can create sandbox accounts to test the API and get a feeling for how things work. First, you have to register your application here. After registration, you will get an application key and an application secret, which are required in later steps in order to obtain the request token.

Step 2 – Understand the OAuth protocol

In order to communicate with the Open Bank API you have to implement the OAuth protocol. I know that you have already heard about OAuth, and your first thought is "It is a bit hard", but let me try to explain why this concept is really important when we are talking about the Open Bank Project.

Imagine you want to make an Android application that lists all of a user's transactions in a beautiful user interface, with graphs and information about how much money the user spent during the last month, the last six months, etc.

If you think about it, this is not an easy task, because you have to support thousands of banks across different countries. The Open Bank API enables you to work with thousands of banks across different countries by contacting just one REST API service.

In our scenario, the bank holds all user transactions (data) and your application wants to access those transactions (data), but only the user (account holder) should be able to approve your application's access to the data.

In the last sentence we can identify three key roles. The bank holds all the data, meaning the data is saved on the bank's servers (in the OAuth protocol this role is called the server); your application accesses the bank's servers and is called the client; and the account holder is the resource owner. The data that the resource owner uses to confirm their identity is called credentials.

This scenario is different from the one where we have only a client and a server, where the client connects to the server and requests some data saved on the server. In our scenario the client connects to the server, but the resources should be served only if the resource owner has confirmed that. When the resource owner confirms that he wants to share his data, the client obtains a token and accesses the data. The client should save the token, which can be used in subsequent requests to retrieve information from the server.

The OAuth protocol is explained in depth in the document I shared at the beginning of this post, but here is a good illustration of how OAuth v1.0 works.

[Figure: OAuth 1.0]

Let me try to explain what is happening in the diagram above. Your application wants to get all transactions from the Resource server. In order to retrieve transactions from the Resource server, your application has to obtain the token.

The user is redirected to a specific URL where the user has to provide a username and password (for example, the username and password for an online banking account). The URL to which the user is redirected is controlled by the bank itself, so the user never shares online banking credentials with any third-party service. He shares his credentials only with the bank, but that is not a problem, because the bank is the only entity the user can "trust".

The user's credentials are checked and, if they are valid, a TOKEN is obtained and returned to your application. The application should save the token and make every subsequent request to the Resource server with this token. The Resource server then checks the token and, if everything is fine, the transactions (data) are returned.

Step 3 – Use an available OAuth library

In order to support the Open Bank Project, I extended the PHPOAuthLib project on GitHub and added support for OAuth v1.0 that works with the Open Bank API. At the link you can find the extended PHP library working with the Open Bank API.

In the examples folder there is a file called openbankapi.php, which demonstrates how to obtain a TOKEN and then how to call Open Bank API functions.

I’d love to get your comments below or you can email me at code.epicenter at gmail.com.

How to integrate your project with Open Bank Project API, by Amir Duran