UK Open Banking · OAuth Scopes

UK Open Banking OAuth Scopes

OAuth 2.0 derived

UK Open Banking publishes 3 OAuth 2.0 scopes via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the UK Open Banking API on a user’s behalf.

Tokens are issued from https://authserver.example/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Open BankingFinancial ServicesPaymentsAccount InformationPSD2UKBankingFintechRegulated
Scopes: 3 Flows: clientCredentials, authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://authserver.example/authorization
Token URL
https://authserver.example/token
Flows
clientCredentialsauthorizationCode

Scopes (3)

ScopeDescriptionFlows
accounts Ability to read Accounts information authorizationCode, clientCredentials
fundsconfirmations Funds confirmation entitlement authorizationCode, clientCredentials
payments Generic payment scope authorizationCode, clientCredentials

Source

OAuth Scopes

open-banking-uk-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/account-info-openapi.yaml, openapi/confirmation-funds-openapi.yaml, openapi/event-notifications-openapi.yaml,
  openapi/events-openapi.yaml, openapi/payment-initiation-openapi.yaml, openapi/vrp-openapi.yaml
schemes:
- name: TPPOAuth2Security
  source: openapi/account-info-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: PSUOAuth2Security
  source: openapi/account-info-openapi.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://authserver.example/authorization
    tokenUrl: https://authserver.example/token
  description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when
    a TPP wants to access an ASPSP resource owned by the PSU
- name: TPPOAuth2Security
  source: openapi/confirmation-funds-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: PSUOAuth2Security
  source: openapi/confirmation-funds-openapi.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://authserver.example/authorization
    tokenUrl: https://authserver.example/token
  description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when
    a TPP wants to access an ASPSP resource owned by the PSU
- name: TPPOAuth2Security
  source: openapi/event-notifications-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: TPPOAuth2Security
  source: openapi/events-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: TPPOAuth2Security
  source: openapi/payment-initiation-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: PSUOAuth2Security
  source: openapi/payment-initiation-openapi.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://authserver.example/authorization
    tokenUrl: https://authserver.example/token
  description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when
    a TPP wants to access an ASPSP resource owned by the PSU
- name: TPPOAuth2Security
  source: openapi/vrp-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://authserver.example/token
  description: TPP client credential authorisation flow with the ASPSP
- name: PSUOAuth2Security
  source: openapi/vrp-openapi.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://authserver.example/authorization
    tokenUrl: https://authserver.example/token
  description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when
    a TPP wants to access an ASPSP resource owned by the PSU
scopes:
- scope: accounts
  description: Ability to read Accounts information
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/account-info-openapi.yaml
  - openapi/event-notifications-openapi.yaml
  - openapi/events-openapi.yaml
- scope: fundsconfirmations
  description: Funds confirmation entitlement
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/confirmation-funds-openapi.yaml
  - openapi/event-notifications-openapi.yaml
  - openapi/events-openapi.yaml
- scope: payments
  description: Generic payment scope
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/event-notifications-openapi.yaml
  - openapi/events-openapi.yaml
  - openapi/payment-initiation-openapi.yaml
  - openapi/vrp-openapi.yaml