The Ozone API Sandbox is a cloud platform designed to help any account provider (ASPSP) meet their PSD2 requirements for a testing facility. It is standards compliant, widely used, and can be setup in a matter of days – in time to meet the 14 March deadline.
Article 30(5) of the Regulatory Technical Standards (RTS) requires ASPSPs applying to their competent authority for a fallback exemption to make their testing facility available to TPPs at least 6 months before the application date of the RTS, i.e. at the very latest by 14 March 2019.
The European Banking Authority (EBA) have defined a number of requirements for this testing facility in Guideline 6.5 of their Final Report, published on 4 December 2018. These requirements are confirmed by the Financial Conduct Authority (FCA) in sections 17.156 and 17.157 of their Final Approach Document published on 19 December 2018.
To add further clarity, last week the Open Banking Implementation Entity (OBIE) published their Operational Guidelines which set out a number of additional recommendations in section 3.1.3, summarised as follows:
“The testing facility should thereby enable TPPs to successfully execute full API journeys to support their proposition with the expectation that they will be able to use the same code base when connecting to the ASPSP’s production interface. In particular, this facility must ensure the API interface meets the requirements of a stable and secure connection, and the ability to exchange eIDAS and/or testing certificates.”
The Ozone Sandbox is the perfect solution for ASPSPs looking to meet their requirements for a PSD2 compliant testing facility.
PSD2 compliance:
- Supports all PSD2, RTS, EBA, and FCA requirements for a testing facility.
- Supports testing the exchange of eIDAS certificates.
- Supports TPP testing for all AISP, PISP and CBPII use cases with synthetic/reference data (i.e. no sensitive or real customer data) via API endpoints for all PSD2 account types in both GBP and Euros.
Standard based and fully featured:
- Full supports for the OBIE Standard including all recommendations for a testing facility.
- The first sandbox to include a full implementation of all mandatory and optional elements in the latest OBIE Read/Write API Specifications v3.1 out of the box.
- Full support for Dynamic Client Registration Specification v3.1, Open Banking Security Profile Implementer’s Draft v1.1.2, and OpenID Foundation’s Financial-grade API – Part 2: Read and Write API Security Profile draft-06.
- Feature rich logging and error codes.
- Can be extended to support other standards (e.g. Berlin Group and STET) on request.
Easy to use:
- Can be used by any ASPSP stand-alone or integrated into the OBIE Directory Sandbox.
- Automated TPP developer on-boarding, to negate the need to manually register users.
- Headless authentication to facilitate TPP automated testing.
- Includes full documentation and postman collections.
- Setup includes configuration of reference data and API endpoints, branded authentication screens, and custom URLs.
- Be ‘up and running’ in days.
Fully managed:
- Installed in a secure, dedicated cloud instance.
- Fully independent of ASPSP internal systems, no integration required.
- 24/7 support.
Proven:
- The first sandbox to be certified by OBIE against the Open Banking Security Profile v1.1.2.
- Trusted by the OBIE to facilitate testing under the CMA Order.
- Used by over 75 ASPSPs and TPPs since January 2018.
- 99.99% availability.
