Direct bank authentication

Regulated clients only (UK/EU)

To use direct bank authentication, you must be a licensed AISP. This requires a license from the FCA in the UK. You will need similar permissions from an EU member state regulator to use direct bank authentication for EU providers. You can learn more about regulation in our Help Centre article. In AU, direct bank authentication is possible under both the Outsourced Service Provider and Representative models without a specific license.

Contact us to confirm your regulatory status in order to use it in production.

Direct Bank Authentication is an alternative to using TrueLayer auth links. Instead of directing users to TrueLayer's auth dialog, you can send them straight to their bank's app or website. Anyone can test Direct Bank Authentication in our sandbox environment by setting provider_id to mock.

Generating a direct bank auth link

curl -X POST -H "Content-Type: application/json" \
-d '{
  "response_type":"code",
  "client_id":"foobarltd-123xyz",
  "redirect_uri":"https://foobarltd.com/truelayer-redirect",
  "scope":"info accounts balance",
  "state":"foo-usr-id-6789hjkl",
  "consent_id":"consent-1234tyui",
  "data_use_description": "We will use your transaction data to determine your suitability for a credit card and calculate your APR",
  "provider_id":"ob-natwest"
}' \
https://auth.truelayer.com/v1/authuri

{
  "result": "https://personal.secure1.natwest.com/as/authorization.oauth2?client_id=HZ6ewkLruJDapDopkR6YVS&request=ey...gg&state=auth-y4PCIwnDZcUAM6nVoV_HJnb9DVmOXZlJT5UAs03wT8U&nonce=iZ67tVaMNo-NRtCPCu8nSvubsK5h1C8vr2peGsNc&scope=openid%20accounts&response_type=code%20id_token&redirect_uri=https%3A%2F%2Fauth.truelayer.com%2Foauth%2Fhybrid%2Fcallback",
  "success": true
}
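
The following Python is an added example, not part of TrueLayer's documentation or SDK. It builds the request body shown above with an unguessable state bound to the user's session, and checks the returned result before the user is redirected to it. The host allowlist, the session dict and the function names are assumptions, and that state comes back on the redirect to redirect_uri is assumed from standard OAuth 2.0 behaviour.

```python
import hmac
import json
import secrets
from urllib.parse import urlsplit

# Assumption: an allowlist the integrator maintains per provider_id.
# The one entry is the host seen in the sample response on this page.
EXPECTED_HOSTS = {"ob-natwest": {"personal.secure1.natwest.com"}}


def build_authuri_request(session, provider_id, consent_id, data_use):
    """Body for POST /v1/authuri with a random state tied to the session."""
    state = secrets.token_urlsafe(32)  # unguessable, not a user id
    session["oauth_state"] = state
    return {
        "response_type": "code",
        "client_id": "foobarltd-123xyz",  # sample value from the page
        "redirect_uri": "https://foobarltd.com/truelayer-redirect",
        "scope": "info accounts balance",
        "state": state,
        "consent_id": consent_id,
        "data_use_description": data_use,
        "provider_id": provider_id,
    }


def bank_link_from_response(body, provider_id):
    """Return the bank URL only if success is true and the host is expected."""
    data = json.loads(body)
    if not isinstance(data, dict) or data.get("success") is not True:
        raise ValueError("authuri call did not succeed")
    result = data.get("result")
    if not isinstance(result, str):
        raise ValueError("result is missing")
    url = urlsplit(result)
    if url.scheme != "https" or url.username or url.password:
        raise ValueError("result is not a plain https URL")
    if url.hostname not in EXPECTED_HOSTS.get(provider_id, set()):
        raise ValueError("host not expected for this provider")
    return result


def state_matches(session, returned_state):
    """Single-use, constant-time check of the state on the redirect back."""
    expected = session.pop("oauth_state", None)
    if expected is None or not isinstance(returned_state, str):
        return False
    return hmac.compare_digest(expected.encode(), returned_state.encode())
```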
