Dynamic Client Registration (DCR)
- Version 3.2.1
- Protocol: HTTPS
Introduction
This API provides access to the Dynamic Client Registration API
- Register a client by way of a Software Statement Assertion
Version
Change log and release history:
|
Version |
Sandbox Status |
Production Status |
|---|---|---|
|
V3.2.1 |
Live |
Live |
Feedback and Support
Dive in and start coding your applications. If you get stuck or require additional support, please contact our team using the Contact Us form found under the Help menu.
Dynamic Client Registration
On this page
TSP Registration
TSPs need to register their client with Hang Seng's Open Banking platform. In order to achieve this, TSPs first need their software statement issued – as per RFC 7591. More information can be found here.
To request access to Production APIs, TSPs need to submit a request using the Help - Contact Us form in the portal, and selecting 'Open Banking APIs - Business' or 'Open Banking APIs - Personal' from the options under 'Which API does your query relate to?'
On receipt of this information, the Hang Seng support team will on-board the TSP to the Open Banking eco-system. The Software Statement Assertion (SSA) will be securely mailed to the TSP's registered email address.
TSPs need to check the address of Hang Seng's registration endpoint using our well-known endpoints available under API Information.
TSP performs dynamic registration
| Software Statement Sample (Full) | { "software_mode": "Live", "software_environment": "TODO", "software_client_uri": "https://TODO.com", "software_logo_uri": "https://TODO.com", "software_policy_uri": "https://TODO.com", "software_tos_uri": "https://TODO.com", "software_on_behalf_of_org": "https://www.tsp.com", "software_client_description": "software statement for testing purposes", "software_jwks_revoked_endpoint": "https://TODO.com", "software_roles": ["AISP"], "org_jwks_endpoint": "https://TODO.com", "org_status": "Active", "org_contacts": [], "organisation_competent_authority_claims": [], "org_id": "5cb8572403f0df001d", "org_name": "ABC Merchant Ltd.", "org_jwks_revoked_endpoint": "https://TODO.com", "software_client_name": "ABC Merchant Ltd.", "iss": "2fNwVYePN8WqqDFvVf7XMN", "iat": 1556445993, "jti": "45903DAE-3174-4E9E-9047-BBAE9C1A723F", "software_client_id": "2qY9COoAhfMrsH7mCyh86T", "software_redirect_uris": ["https://www.tsp.com/", "https://www.tsp.com/ack"], "software_id": "2qY9COoAhfMrsH7mCyh86T", "software_jwks_endpoint": "https://www.tsp.com/jwks/public.jwks" } |
| Software Statement Sample (Minimal) |
{ "software_on_behalf_of_org": "https://www.tsp.com", |
| Register payload sample | { "iss=": "2fNwVYePN8WqqDFvVf7XMN", "aud": "https://api.ob.hangseng.com", "scope": "openid accounts", "redirect_uris": ["https://www.tsp.com/", "https://www.tsp.com/ack"], "response_types": ["code id_token"], "grant_types": ["authorization_code", "refresh_token", "client_credentials"], "application_type": "mobile", "id_token_signed_response_alg": "PS256", "request_object_signing_alg": "PS256", "token_endpoint_auth_method": "private_key_jwt", "token_endpoint_auth_signing_alg": "PS256", "software_id": "2qY9COoAhfMrsH7mCyh86T", "software_statement": "{Software Statement signed JWT token}", "exp": 1674206304, "iat": 1555506046, "jti": "45903DAE-3174-4E9E-9047-BBAE9C1A723F" } |
Implemented endpoints
| Endpoints | Mandatory | Implemented |
|---|---|---|
| POST /register | Conditional | Y |
Supported authentication methods
| Method | Supported |
|---|---|
| private_key_jwt | Y |
private_key_jwt
@POST/register_private_key_jwt_curl
Message signing
x-jws-signature
The iss value from x-jws-signature must match with full DN of Hang Seng Post certificate.