{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"38c88582-4de3-40cf-8ca9-31a55d108424","name":"Secure API Gateway v3.x.x - Plain FAPI","description":"# Welcome to the Postman Collection for the Secure API Gateway, Plain FAPI Edition.\n\nThis collection can be used to try out the [Secure API Gateway](https://github.com/SecureApiGateway) Plain FAPI API. This API is used in order to achieve OIDF FAPI conformance, and serves as a demonstration of how to protect an API using SAPI-G.\n\nThe Secure API Gateway is an Open Source project inititated by ForgeRock. It uses ForgeRock's Identity Gateway and Identity Cloud to provide FAPI level **Identity and Access Management for your APIs**. It is intended to be used by ForgeRock customers wishing to develop highly secure APIs that are protected by;\n\n- Dynamic Client Registration - Use API endpoints to securely register a client to use the protected API. The client must have both TLS certificates and a Software Statment Assertion issued by a trusted directory\n- Mutual Auth TLS (MTLS) - client certs issued by a trusted directory are used to identify both client and server in the TLS transport layer encryption\n- Software Statement bound Access Tokens. Checks are made during API access to ensure that the MTLS certificate presented by the Api Client and the presented access_token are associated with the same software statement in the trusted directory\n    \n\n## Environment variables:\n\n- This is meant to be run with the environment **v3.x release cluster**\n    \n\n#### Variables Types:\n\nThere are two kind of variables used across this collection:\n\n- The upper case with dash variables (_**VAR-NAME**_) are used as constants dynamically in the requests and they need to be initialise with the proper values before run any collection request.\n- The lower case with underscore variables (_**dynamic_var_name**_) are created dynamically when a request is running and are used across the next requests, these variables are updated with the proper value depending of the request step. These variables can be deleted to reset the environment variables.\n    \n\n## Initialise the collection\n\nTo start sending request to **SAPI-G Open Banking edition**, make sure that you have set the **CURRENT VALUE** of below environment variables first:\n\n| **Variable** | **Description** | **INITIAL VALUE** |\n| --- | --- | --- |\n| ENVIRONMENT | Environment to send the request, this value will be replace in the FQDN variables defined. | dev |\n| IG-FQDN | Identity Gateway Host name | obdemo.{ENVIRONMENT}.forgerock.financial |\n| IDENTITY-PLATFORM-FQDN | Identity platform Host name | iam.{ENVIRONMENT}.forgerock.financial |\n| REALM | Identity access management realm name | alpha |\n| OB-SIGNING-KEY-ID | OB Directory Signing key Id | add kid to Current Value column -> |\n| TOKEN_ENDPOINT_AUTH_METHOD | The token_endpoint_auth_method to request during Dynamic Client Registration. To be FAPI compliant this must be tls_client_auth or private_key_jwt | tls_client_auth |\n| OB-SEAL-PRIVATE-KEY | OB Seal private key | add pem to Current Value column -> |\n| OB-SOFTWARE-ID | OB Directory Software Statement Client Id |  |\n| OB-SCOPES | Scopes expected by OB directory to obtain the access token from OB Authorisation server | ASPSPReadAccess TPPReadAccess AuthoritiesReadAccess |\n| OB-AUDIENCE | Auth resource identifier | [https://matls-sso.openbankingtest.org.uk/as/token.oauth2](https://matls-sso.openbankingtest.org.uk/as/token.oauth2) |\n| OB-TOKEN-URL | OB directory Access token endpoint | [https://matls-sso.openbankingtest.org.uk/as/token.oauth2](https://matls-sso.openbankingtest.org.uk/as/token.oauth2) |\n| OB-SSA-URL | OB directory endpoint to retrieve an SSA | [https://matls-dirapi.openbankingtest.org.uk](https://matls-dirapi.openbankingtest.org.uk) |\n| OB-ORGANIZATION-ID | OB directory Organisation ID | add Open Banking TPP Organization Id here to Current Value column -> |\n\n> After set these variables you need initialise the collection running the","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"29272036","collectionId":"38c88582-4de3-40cf-8ca9-31a55d108424","publishedId":"2sAXjKasCk","public":true,"publicUrl":"https://postman.core-sandbox-v3.forgerock.financial","privateUrl":"https://go.postman.co/documentation/29272036-38c88582-4de3-40cf-8ca9-31a55d108424","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2024-08-30T09:45:40.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[{"name":"SAPI-G: v3.x.x Plain FAPI","id":"cf6bcc36-0c6f-40fa-8179-16207f404265","owner":"29272036","values":[{"key":"ENVIRONMENT","value":"core-sandbox-v3","enabled":true,"type":"default"},{"key":"IG-FQDN","value":"sapig.{{ENVIRONMENT}}.forgerock.financial","enabled":true,"type":"default"},{"key":"TRUSTEDDIR-FQDN","value":"test-trusted-directory.{{ENVIRONMENT}}.forgerock.financial","enabled":true,"type":"default"},{"key":"MTLS-IG-FQDN","value":"mtls.sapig.{{ENVIRONMENT}}.forgerock.financial","enabled":true,"type":"default"},{"key":"IDENTITY-PLATFORM-FQDN","value":"iam.{{ENVIRONMENT}}.forgerock.financial","enabled":true,"type":"any"},{"key":"AM_REALM","value":"bravo","enabled":true,"type":"default"},{"key":"OB-SIGNING-KEY-ID","value":"CONSTANT: OB SIGNING KEY ID","enabled":true,"type":"default"},{"key":"OB-SEAL-PRIVATE-KEY","value":"CONSTANT: OB-SEAL-PRIVATE-KEY","enabled":true,"type":"default"},{"key":"TOKEN_ENDPOINT_AUTH_METHOD","value":"private_key_jwt","enabled":true,"type":"default"},{"key":"OB-TLS-CERT-DN","value":"CN=0015800001041REAAY, OID.2.5.4.97=PSDGB-OB-Unknown0015800001041REAAY, O=FORGEROCK LIMITED, C=GB","enabled":true,"type":"default"},{"key":"USE_PUSHED_AUTHORIZATION_REQUESTS","value":"false","enabled":true,"type":"default"},{"key":"AUTHORIZE_REQUEST_ACR","value":"urn:mace:incommon:iap:silver","enabled":true,"type":"default"},{"key":"OB-SOFTWARE-ID","value":"","enabled":true,"type":"default"},{"key":"OB-ORGANIZATION-ID","value":"","enabled":true,"type":"default"},{"key":"OB-SCOPES","value":"ASPSPReadAccess TPPReadAccess AuthoritiesReadAccess","enabled":true,"type":"default"},{"key":"OB-AUDIENCE","value":"https://matls-sso.openbankingtest.org.uk/as/token.oauth2","enabled":true,"type":"default"},{"key":"OB-TOKEN-URL","value":"https://matls-sso.openbankingtest.org.uk/as/token.oauth2","enabled":true,"type":"default"},{"key":"OB-SSA-URL","value":"https://matls-dirapi.openbankingtest.org.uk","enabled":true,"type":"default"},{"key":"=========== TEMPORARY VARS BELOW HERE =========","value":"==============================================","enabled":true,"type":"default"},{"key":"as_issuer_id","value":"","enabled":true,"type":"any"},{"key":"as_introspection_endpoint","value":"","enabled":true,"type":"any"},{"key":"as_userinfo_endpoint","value":"","enabled":true,"type":"any"},{"key":"as_authorization_endpoint","value":"","enabled":true,"type":"any"},{"key":"as_authentication_endpoint","value":"","enabled":true,"type":"any"},{"key":"as_token_endpoint","value":"","enabled":true,"type":"any"},{"key":"aspsp_registration_endpoint","value":"","enabled":true,"type":"any"},{"key":"psu_auth_code","value":"","enabled":true,"type":"any"},{"key":"jsrsasign_js","value":"","enabled":true,"type":"any"},{"key":"pmlib_code","value":"","enabled":true,"type":"any"},{"key":"dynamic_registration_request","value":"","enabled":true,"type":"any"},{"key":"dynamic_registration_request_raw_data","value":"","enabled":true,"type":"any"},{"key":"ob_jwt_signed","value":"","enabled":true,"type":"any"},{"key":"ob_access_token","value":"","enabled":true,"type":"any"},{"key":"ssa_jwt","value":"","enabled":true,"type":"any"},{"key":"generated_software_id","value":"","enabled":true,"type":"any"},{"key":"client_credential_jwt","value":"","enabled":true,"type":"any"},{"key":"access_token","value":"","enabled":true,"type":"any"},{"key":"id_token","value":"","enabled":true,"type":"any"},{"key":"client_id","value":"","enabled":true,"type":"any"},{"key":"client_secret","value":"","enabled":true,"type":"any"},{"key":"client_redirect_uri","value":"","enabled":true,"type":"any"},{"key":"registration_access_token","value":"","enabled":true,"type":"any"},{"key":"account_intent_id","value":"","enabled":true,"type":"any"},{"key":"client_jws_helpers","value":"","enabled":true,"type":"any"},{"key":"client_credential_access_token_with_account_scope","value":"","enabled":true,"type":"any"},{"key":"authorize_url","value":"","enabled":true,"type":"any"},{"key":"access_token_with_account_access_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_account_access_consent","value":"","enabled":true,"type":"any"},{"key":"client_credential_access_token_with_payments_scope","value":"","enabled":true,"type":"any"},{"key":"x_jws_signature","value":"","enabled":true,"type":"any"},{"key":"consent_type","value":"","enabled":true,"type":"any"},{"key":"domestic_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"authenticate_url","value":"","enabled":true,"type":"any"},{"key":"access_token_with_domestic_payment_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_domestic_payment_consent","value":"","enabled":true,"type":"any"},{"key":"domestic_payment_id","value":"","enabled":true,"type":"any"},{"key":"account_request_id","value":"","enabled":true,"type":"any"},{"key":"account_id","value":"","enabled":true,"type":"any"},{"key":"account_identification","value":"","enabled":true,"type":"any"},{"key":"account_name","value":"","enabled":true,"type":"any"},{"key":"debtor_account_id","value":"","enabled":true,"type":"any"},{"key":"debtor_account_identification","value":"","enabled":true,"type":"any"},{"key":"debtor_account_name","value":"","enabled":true,"type":"any"},{"key":"offer_id","value":"","enabled":true,"type":"any"},{"key":"party_id","value":"","enabled":true,"type":"any"},{"key":"domestic_payment_intent_id","value":"","enabled":true,"type":"any"},{"key":"dynamic_registration_request_updated","value":"","enabled":true,"type":"any"},{"key":"domestic_vrp_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"json_file_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"domestic_scheduled_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"domestic_standing_order_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"domestic_standing_order_intent_id","value":"","enabled":true,"type":"any"},{"key":"international_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"international_scheduled_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"international_standing_order_payment_consent_id","value":"","enabled":true,"type":"any"},{"key":"pushed_authorization_request_endpoint","value":"","enabled":true,"type":"any"},{"key":"client_must_use_par","value":"","enabled":true,"type":"any"},{"key":"constructed_pushed_authorization_request_endpoint","value":"","enabled":true,"type":"any"},{"key":"par_accounts_auth_request_jwt","value":"","enabled":true,"type":"any"},{"key":"modified_pushed_authorization_request_endpoint","value":"","enabled":true,"type":"any"},{"key":"use_pushed_authorization_request","value":"","enabled":true,"type":"any"},{"key":"pkce_verifier","value":"","enabled":true,"type":"any"},{"key":"pkce_challenge","value":"","enabled":true,"type":"any"},{"key":"pkce_challenge_method","value":"","enabled":true,"type":"any"},{"key":"par_request_uri","value":"","enabled":true,"type":"any"},{"key":"ApiClientJWKs","value":"","enabled":true,"type":"any"},{"key":"exp","value":"","enabled":true,"type":"any"},{"key":"SSA_JWT_SERIALISED","value":"","enabled":true,"type":"any"},{"key":"expirationDateTime","value":"","enabled":true,"type":"any"},{"key":"access_token_with_international_standing_order_payment_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_international_standing_order_payment_consent","value":"","enabled":true,"type":"any"},{"key":"international_standing_order_id","value":"","enabled":true,"type":"any"},{"key":"client_credential_access_token_with_funds_confirmation_scope","value":"","enabled":true,"type":"any"},{"key":"funds_confirmation_consent_id","value":"","enabled":true,"type":"any"},{"key":"access_token_with_fundsconformations_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_fundsconformations_consent","value":"","enabled":true,"type":"any"},{"key":"access_token_with_accounts_payments_and_fundsconformations_scope","value":"","enabled":true,"type":"any"},{"key":"id_token_with_accounts_payments_and_fundsconformations_scope","value":"","enabled":true,"type":"any"},{"key":"jti","value":"","enabled":true,"type":"any"},{"key":"access_token_with_json_file_payment_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_json_file_payment_consent","value":"","enabled":true,"type":"any"},{"key":"json_file_payment_id","value":"","enabled":true,"type":"any"},{"key":"access_token_with_domestic_vrp_payment_consent","value":"","enabled":true,"type":"any"},{"key":"refresh_token_with_domestic_vrp_payment_consent","value":"","enabled":true,"type":"any"},{"key":"domestic_vrp_id","value":"","enabled":true,"type":"any"},{"key":"statement_id","value":"","enabled":true,"type":"any"},{"key":"login_url","value":"","enabled":true,"type":"any"},{"key":"auth_with_consent_url","value":"","enabled":true,"type":"any"},{"key":"sso_token_id","value":"","enabled":true,"type":"any"},{"key":"authorize_with_acr","value":"","enabled":true,"type":"any"},{"key":"consent_response","value":"","enabled":true,"type":"any"},{"key":"headless_authorize_state","value":"","enabled":true,"type":"any"},{"key":"headless_authorize_nonce","value":"","enabled":true,"type":"any"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/c61d12d7415b7bb4ac1bfe53b7e004858698cbdd0ae946c2da0fe9e65ea26979","favicon":"https://forgerock.financial/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"SAPI-G: v3.x.x Plain FAPI","value":"29272036-cf6bcc36-0c6f-40fa-8179-16207f404265"}],"canonicalUrl":"https://postman.core-sandbox-v3.forgerock.financial/view/metadata/2sAXjKasCk"}