{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"1f5193b0-0fe0-4345-af95-8af111746d0d","name":"Open Banking API Standard v1","description":"The Regulatory Framework for Open Banking in Nigeria established principles for data sharing across the banking and payments system to promote innovations and broaden the range of financial products and services available to bank customers. As a result, open banking recognizes the ownership and control of data by customers of financial and non-financial services, and their right to grant authorizations to service providers for the purpose of accessing innovative financial products and services. This is anticipated to drive competition and improve accessibility to banking and payments services.\n\n## What this document is about\n\nThis is a draft of the API specification standards designed to be used in compliance with the Central Bank of Nigeria (CBN) operational guidelines on open banking within the Nigerian financial ecosystem.\n\n## Scope\n\nGiven the open banking proposition, any organisation that has data of customers which may be exchanged with other entities for the purpose of providing innovative financial services within Nigeria, is eligible to participate in the Open Banking ecosystem.\n\nEntities participating within the Open banking ecosystem are categorized based on the following roles that they may perform. Participants may assume more than one role depending on their services and offerings:\n\n\\* **API Provider (AP)**: This refers to a participant that uses API to avail data or service to another participant. An API Provider can be a licensed financial institution/service provider, a Fast-Moving Consumer Goods (FMCG) Company or other retailers, Payroll Service Bureau etc.  \n\\* **API Consumer (AC)**: This refers to a participant that uses API released by the (API) providers to access data or service. An API Consumer can be a licensed financial institution/service provider, an FMCG or other retailers, Payroll Service Bureau etc.  \n\\* **Customer**: This refers to the data owner and end-user that may be required to provide consent for release of data for the purpose of accessing financial services.\n\nThe draft Open Banking API specifications, when implemented, will allow Nigerian banks and other financial institutions to develop API endpoints that can then be accessed by API users (e.g., third-party developers, fintechs) to build mobile and web applications for their customers.\n\nThese API definitions are a draft and represent our ideas of what the open APIs for financial institutions should be. Suggestions and comments are welcomed. To contribute or know more, kindly email [contact@openbanking.ng](https://mailto:contact@openbanking.ng).\n\n---\n\n## What Open Banking Nigeria is not\n\nOpen Banking Nigeria is not a fintech, or a switch, or a company you connect to for financial services. We are a non-profit driving the advocacy for common API standard within the Nigerian banking ecosystem. The APIs defined here cannot be used for actual transactions.\n\n---\n\n## What Open Banking will achieve\n\nOpen Banking allows account holders to seamlessly and securely link their bank account information with their platform or apps of choice.\n\nThrough the Open Banking API, a fintech can quickly create secure and personalized products and apps for its customers. While you can get access to our sandbox to start testing Open Banking in minutes, you would need to connect with real banks to be able to do real-life transactions.\n\nAll data presented here are dummy values.\n\nTo know more about Open Banking Nigeria and its advocacy to get Nigerian banks to adopt the same API standard, please visit the [Open Banking Nigeria website](https://openbanking.ng).\n\n---\n\n# Technical information\n\n## Authentication and authorization\n\nAPI Consumers (AC) will obtain `CLIENT_ID` and `CLIENT_SECRET` from the Open Banking Gateway of the API Producer (AP) they want to connect with.\n\nACs would use these credentials to call the [/token](https://apis.openbanking.ng/#10683175-bb7e-4a42-aeab-d02aa99da508) endpoint of the AP using **Basic Authentication.** This would in turn provide them with a `Bearer Token` to use for future calls going forward.\n\nTherefore, for endpoints that require authentication, they AC would need to add the following header to each request:\n\n`Authorization: Bearer`\n\nIf you do use an expired token, you will receive a `401` response code, indicating that your access is no longer authorized.\n\n---\n\n## Data types\n\nAll of the Open Banking Nigeria API responses returned are in JSON format, with these data types defined below:\n\n| Type | Format | Example |\n| --- | --- | --- |\n| String | A UTF-8 encoded string | “The Quick Brown Fox” |\n| Number | Decimal notation. Maximum of 4 decimal places | 1.0004 |\n| Date | ISO8601 → YYYY-MM-DDThh:mm:ss.sTZD | 2025-05-07T12:34:56.789Z (UTC) |\n| Country | ISO 3166-1 alpha-2 | “NG” |\n| Currency | ISO 4217 alpha code | “NGN” |\n| Phone numbers | E.164 Standard | “+2348022223333”  <br>“+4444445565” |\n\n## Data length\n\n| **Type** | **Description** | **Length** |\n| --- | --- | --- |\n| Text fields | string | max-length 255 characters |\n| BVN | integers starting with 1 or 2 | 11 digits. |\n| Account Number | integers | 10 digits. |\n\n---\n\n## Paging\n\nFor endpoints that provide several records, the response may be paged depending on the total number of records that the server can return at a time. This means that to retrieve the full set of items for a given resource you may be required to make several requests.\n\n## URL parameters\n\n| **Parameters** | **Description** |\n| --- | --- |\n| page | The page number you wish to retrieve |\n| limit | The number of items to return in a page |\n\n## Response\n\n| **Field** | **Type** | **Description** |\n| --- | --- | --- |\n| data | `array` | The actual data items you have requested |\n| _meta | `object` | Key/value information that is not essential to understanding the resources returned but offers additional detail |\n| _links | `array` | A collection of links that you can use to navigate the paged data |\n\n## _meta\n\n| **Field** | **Type** | **Description** |\n| --- | --- | --- |\n| total_number_of_records | `number` | The total number of data items in the collection |\n| total_number_of_pages | `number` | The number of pages in the collection |\n| page_number | `number` | The current page number |\n| page_size | `number` | The current page size |\n\n## _links\n\n| **Field** | **Type** | **Description** |\n| --- | --- | --- |\n| rel | `string` | The relation of the linked resource to the current resource |\n| href | `string` | The absolute URI of the related resource |\n\n## Navigating through pages\n\n\\* If you are on the first page, the \"prev\" link will not be present in the response.  \n\\* If you are at the final page, the \"next\" link will not be present in the response  \n\\* If there are no pages and all data is returned neither \"prev\" or \"next\" links will be present in the response\n\n---\n\n# Errors\n\nErrors in the Open Banking Nigeria API are expressed as a combination of HTTP status codes and an accompanying JSON body providing required detail where possible. You should be able to rely on the HTTP status code alone to determine the cause of the problem.\n\n## Error response fields\n\n| **Field** | **Type** |\n| --- | --- |\n| message | `string` A human-readable message as to the specifics of the problem. For example, it may contain a detail description of what caused the problem |\n| status | The 8583 standard response code. |\n| error_code | The specific Open Banking Nigeria error code for the problem |\n| data | Extra information about the error. |\n\n---\n\n## Sample response\n\n``` json\n{\n  \"status\": \"07\",\n  \"error_code\": \"INVALID_ACCOUNT\",\n  \"message\": \"The beneficiary account is invalid\",\n  \"data\": {}\n}\n\n ```\n\n# Custom properties\n\nThe Open Banking API ard has been designed to be flexible enough to allow ACs to layer on additional data fields. This would help to pass on proprietary information not common to all banks or additional processing directives unique to the specific bank.\n\nThe `custom_properties` are optional and are a collection which means multiple instances of these fields may be included in any message.\n\n## Response Body Fields\n\n| **Field** | **Type** | **Description** |\n| --- | --- | --- |\n| id | `string` | A unique identifier for the extra field |\n| description | `string` | A description of the extra field |\n| type | `string` | A type of field but defined by the API Consumer |\n| value | `string` | The value of the extra field |\n\nFor this documentation, the `custom_properties` will not be included in all the Response Body Fields\n\n---\n\n# Response codes\n\nFind in the table below the possible response codes usually formatted as `status` and their respective descriptions. They follow the `8583 standards`.\n\n| **Code** | **Description** |\n| --- | --- |\n| 00 | Approved or completed successfully |\n| 01 | Status unknown, please wait for settlement report |\n| 03 | Invalid Sender |\n| 05 | Do not honor |\n| 06 | Dormant Account |\n| 07 | Invalid Account |\n| 08 | Account Name Mismatch |\n| 09 | Request processing in progress |\n| 12 | Invalid transaction |\n| 13 | Invalid Amount |\n| 14 | Invalid Batch Number |\n| 15 | Invalid Session or Record ID |\n| 16 | Unknown Bank Code |\n| 17 | Invalid Channel |\n| 18 | Wrong Method Call |\n| 21 | No action is taken |\n| 25 | Unable to locate record |\n| 26 | Duplicate record |\n| 30 | Format error |\n| 34 | Suspected fraud |\n| 35 | Contact sending bank |\n| 51 | No sufficient funds |\n| 57 | Transaction not permitted to sender |\n| 58 | Transaction not permitted on channel |\n| 61 | Transfer limit Exceeded |\n| 63 | Security violation |\n| 65 | Exceeds withdrawal frequency |\n| 68 | Response received too late |\n| 69 | Unsuccessful Account/Amount block |\n| 70 | Unsuccessful Account/Amount unblock |\n| 71 | Empty Mandate Reference Number |\n| 91 | Beneficiary Bank not available |\n| 92 | Routing error |\n| 94 | Duplicate transaction |\n| 96 | System malfunction |\n| 97 | Timeout waiting for a response from destination |\n\n---\n\n# Idempotency\n\nAll Open Banking APIs shall support idempotency for safely retrying transactions without accidentally performing the same operation twice. This is useful when an API call is disrupted, and the AC does not receive a response. For example, `request_time_out` or `response_received_too_late`. Therefore, if an AC does not get a response message for a transaction, they can retry the request with the same idempotency key, and are guaranteed that no more than one transaction would be posted.\n\nAll requests are required to be idempotent by default, by providing an idempotency_key: header in every request. This also serves as an implementation of transaction query.\n\nAn idempotency key is a unique value generated by the AC which the server uses to recognize subsequent transaction retries of the same request. It is up to the AC to determine how these idempotency keys would be generated. Whatever it is, it must have enough entropy to avoid collisions.\n\nIdempotency keys would never expire, so a new request that is generated if a key is reused outside of that time frame would fail.\n\nOpen Banking API idempotency works by saving the resulting status code and body of the first request made for any given idempotency key, regardless of whether it succeeded or failed. Subsequent requests with the same key should return the same result, including Server (500) errors.\n\nResults are only saved if an API endpoint started executing. If incoming parameters failed validation, or the request conflicted with another that was executing concurrently, no idempotent result is saved because no API endpoint began execution. It is safe to retry these requests.\n\n## Additional information\n\nThe following are links to other information or regulation necessary to have a complete understanding of the Nigerian open banking regulation, standards, and ecosystem:\n\n\\* [Central Bank of Nigeria regulatory framework for open banking in Nigeria [February 2021]](https://www.cbn.gov.ng/out/2021/psmd/circular%20on%20the%20regulatory%20framework%20on%20open%20banking%20in%20nigeria.pdf)  \n\\* [Central Bank of Nigeria draft operational guidelines on open banking in Nigeria [May 2022]](https://www.cbn.gov.ng/Out/2022/CCD/OPERATIONAL%20GUIDELINES%20FOR%20OPEN%20BANKING%20IN%20NIGERIA_APPROVED%20EXPOSURE%20DRAFT.pdf)","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":true,"owner":"6404270","team":244744,"collectionId":"1f5193b0-0fe0-4345-af95-8af111746d0d","publishedId":"2s847BVGAF","public":true,"publicUrl":"https://apis.openbanking.ng","privateUrl":"https://go.postman.co/documentation/6404270-1f5193b0-0fe0-4345-af95-8af111746d0d","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2023-05-31T12:54:13.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/33810e203bcfd27b3719ab529921e6c96a5f1c859689c356e3232ea202ca6f9b","favicon":"https://res.cloudinary.com/postman/image/upload/v1552947245/team/hxsaw6idtrhoeumxskgk.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://apis.openbanking.ng/view/metadata/2s847BVGAF"}