Register as a third party provider

To register as a third party provider (TPP) you use the registration API. More specifically the POST /tpp endpoint.

Prerequisites

You need a valid eIDAS certificate to register with Lunar. Read more in the Security model document for details.

Payload

You register by issuing an HTTP POST request with a JSON payload containing details about you as a provider along with what roles you want access to.

Roles

Available roles are:

• PSP_PI: Payment Initiation - allows you to initiate payments on behalf of users
• PSP_AI: Account Information - allows you to access account data and transaction history

The roles you request must be a subset of the roles granted in your eIDAS certificate. You cannot request roles that your certificate doesn’t authorize.

Redirect URIs

Redirect URIs are the callback URLs where users will be redirected after completing the OAuth2 authorization flow. You must register at least one redirect URI, and only registered URIs can be used in authorization requests.

Response

The result of a successful registration is a set of client credentials: clientId and clientSecret. These are used when interacting with the OAuth2 APIs whenever the TPP needs access to user data.

Example

Below is an example on how to register with the curl CLI. It expects a client.pem and client.key file locally that holds your eIDAS certificate and that client.pem holds the entire unbroken certificate chain from leaf to root.

curl \
  -v \
  -H "Content-Type: application/json" \
  --data '{"redirectUris":["https://mycompany.com/oauth2/callback"],"roles":["PSP_AI", "PSP_PI"], "name":"mycompany"}' \
  --cert client.pem \
  --key client.key \
  https://tpp.openbanking.prod.lunar.tech/tpp

On success (201 Created), you will receive a client id and secret that must be used whenever you need an access token to interact with the resource APIs.

{
  "clientId": "11111111-2222-3333-4444-555555555555",
  "clientSecret": "aBcDeFgHiJkLmNoPqRsTuVwXyZ123456"
}

Error responses