SMBC Group’s developer portal and APIs are open to those registered as a TPP with a national competent authority.

The sandbox endpoint is https://api-sandbox.smbcdigital.com. Details of the sandbox server are also available on the respective API documentation pages, e.g., for Account Services.

Production access is obtained using the Dynamic Client Registration Service without manual intervention from SMBC. To gain access to production, follow the steps in the Access to Production API section of the Getting Started Guide.

Currently SMBC Group supports:

  • Account services to query account information, balances and transaction history;
  • Consent services to request and manage consent on behalf of Bank customers;
  • Token services to obtain and manage OAuth2 access;
  • Payment services to initiate and authorise single payments;
  • Signing basket services to authorise a collection of payments; and
  • Sandbox digital signature utility to test your digital signature implementation.

The reader should:

  1. review SMBC Group's implementations of PSD2 APIs (Berlin Group) and the OAuth v2 delegated access model;
  2. review the section on using the sandbox, including the sandbox API flows;
  3. register an account on the developer portal. We will ask for some basic information, including your company's TPP authorisation number;
  4. register your application in the developer portal to obtain the credentials to interact with our sandbox API environment; and
  5. test your application against our sandbox API environment, making reference to our API documents section to obtain access to the mocked data.

There is no fee to use SMBC Group’s developer portal or for the use of PSD2 related APIs.

To register for an account, follow this link and complete all the requested information.

Developer documentation is displayed on each service's page under the Our APIs and Getting Started menus.

You do not need to sign contracts with the bank to use our APIs; however, you will have to read and agree to our terms of use as part of the registration process.

While the Callback URL is not important in the context of the sandbox APIs, the format of the Callback URL is. In particular, this has to be a valid fully qualified URL. Both HTTP and HTTPS are acceptable, e.g., https://www.mycompany.com/redirect_back_to_tpp_here.

Yes. SMBC Group offers a contingency solution in the event that our dedicated interface is unavailable. For more information or to sign up please use the contact us page and select the “contingency mechanism” topic.

Please use the contact us page and select the “contingency mechanism” topic, requesting onboarding. SMBC Group will in turn request your eIDAS QWAC or equivalent, perform the necessary due diligence steps and finally provision access to the contingency site.

Yes. In light of the recent announcement by the EBA regarding eIDAS certificates post-Brexit and subsequent guidance from the FCA, all UK regulated TPPs currently using eIDAS certificates to access our Open Banking APIs will need to migrate to another type of certificate by the 31st of December 2020.

The certificates we will support for UK based TPPs from this date are:

  • OBWAC/OBSeal certificates issued by OBIE in the UK.
  • WAC/Seal (as opposed to QWAC/QSeal) certificates issued by one of the QTSPs authorised to issue existing eIDAS certificates.

Non-UK regulated TPPs should continue to use their eIDAS certificates, and ensure they are registered under the United Kingdom’s Temporary Permissions Regime.