# Applications source: https://developer.mastercard.com/open-finance-au/documentation/access-and-config/applications/index.md Applications are web or mobile applications developed by you to provide services to your customers. You must register each of your applications with Mastercard so that FIs recognise your product as being legitimate when accessing the consented accounts of your customers. When creating a customer they must be assigned to the application. Each application has a unique set of customers. ## Registering Applications {#registering-applications} Note: If your application will not be hosted in Australia, contact your Mastercard representative for advice. To register an application for production, you must complete your contract with Sales. As the contract is concluded, you need to request application registration within Mastercard Open Finance system as well as with the Australian Competition and Consumer Commission (ACCC). Depending on whether you are [an ADR, CDR Representative or BCDC partner](https://developer.mastercard.com/open-finance-au/documentation/access-and-config/access-models/index.md), you need to provide the following mandatory information in API call: | As an **ADR** under OSP model | As a **Representative** under CDR Representative model | As a **BCDC** model partner | |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1. Application name 2. Legal entity name 3. Policy URL 4. Data complaints email address 5. Software ID 6. Organisation ID 7. Copyright logo 8. Business name 9. From email address 10. Application image | 1. Application name 2. Description 3. Application URL 4. Application image | 1. Application name 2. Description 3. Application URL 4. Application image 5. Disclosure type 6. Data handling policy URL (provided as policyUrl) 7. Data complaint email address | For all applications, Consumer Data Right (CDR) rules require disclosure of information about Outsourced Service Providers (OSPs). To enable Open Finance to provide this information to consumers as part of the consent flow, you must provide the following information for each OSP your application uses: 1. Name of the OSP 2. Accreditation number (optional) 3. Country where the OSP is based 4. OSP CDR policy URL (optional, but mandatory if accreditation number provided) 5. Purpose statement - a statement detailing why the OSP needs access to consumer CDR data
API Reference: `POST /applications` * ADR: * Representative: ```sh curl --location --request POST 'https://api.openbanking.mastercard.com.au/applications' \ --header 'accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "appName": "{{appName}}", "appDescription": "{{appDescription}}", "outsourcedServiceProviders": [ { "name": "Accredited OSP 1", "accreditationNumber": "ADR00OSP1", "country": "Australia", "policyUrl": "https://osp.example.com/policy.html", "purposeStatement": "They'll collect and analyse your data on our behalf. They'll delete your data as soon as they have provided this service on our behalf." }, { "name": "OSP 2", "country": "India", "purposeStatement": "They'll provide analytics services on your data. OSP 2 are based in India." } ], "image": "{{base64AppLogo}}", "legalEntityName": "{{legalName}}", "appUrl": "{{appWebsiteUrl}}", "policyUrl": "{{policyUrl}}", "dataComplaintsEmailAddress": "{{dataComplianceEmail}}", "copyrightLogo": "{{emailCopyrightLogo}}", "businessName": "{{emailCopyrightName}}", "fromEmail": "{{emailFrom}}", "replyToEmail": "{{emailReplyTo}}", "orgId": "{{cdrOrgId}}", "softwareId": "{{cdrSoftwareId}}" }' ``` ```sh curl --location --request POST 'https://api.openbanking.mastercard.com.au/applications' \ --header 'accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "appName": "{{legalNameOfYourOrg}}", "appDescription": "{{appDescription}}", "image": "{{base64OrgLogo}}" }' ``` * Expected response: ```json { "applicationId": "{{applicationId}}", "status": "Pending" } ``` While working on a **Sandbox** , the application registration will happen instantly within Mastercard system and does not require interaction with ACCC as no real Data Holders (DHs) will be accessed. You can use an `applicationId` from the application registration API call straight away to proceed with further implementation and testing. When moving to **Production** , Mastercard will use this information to complete the application registration with CDR register and all supported Data Holders (DHs). A Solution Engineer may contact you during this time to request your support with the registration process. This will take some time (about 1 month). Once the registration process is completed, you will be notified and only then can use the `applicationId` from the response to proceed with further implementation and testing. Note: Once application request is submitted in **Production** environment, please notify your Mastercard Solution Engineer. Warning: The **applicationId** of the approved application is required when creating new customers. See [Customers](https://developer.mastercard.com/open-finance-au/documentation/access-and-config/customers/index.md). An attempt to create a Customer using an `applicationId` of not approved yet application will lead to an error. ## Checking Application Registration Status {#checking-application-registration-status} As application approval process takes long time in Production environment, the following API end point allows to check the status of the application as well as returns its additional details. API Reference: `GET /applications` ```sh curl --location --request GET 'https://api.openbanking.mastercard.com.au/applications?application_id={{applicationId}}' \ --header 'Accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' ``` * Expected response: ```json { "found": 1, "displaying": 1, "moreAvailable": false, "applications": [ { "applicationId": "{{applicationId}}", "status": "Active", "appName": "{{legalNameOfYourOrg}}", "appDescription": "{{appDescription}}", "legalEntityName": "{{legalName}}", "appUrl": "{{appWebsiteUrl}}", "policyUrl": "{{policyUrl}}", "dataComplaintsEmailAddress": "{{dataComplianceEmail}}", "image": "{{base64AppLogo}}", "copyrightLogo": "{{emailCopyrightLogo}}", "businessName": "{{emailCopyrightName}}", "fromEmail": "{{emailFrom}}", "replyToEmail": "{{emailReplyTo}}", "softwareId": "{{cdrSoftwareId}}", "orgId": "{{cdrOrgId}}", "note": "Auto approved", "jwksUrl": "{{jwksUrl}}", "dataRecipientRevocationUrl": "{{revocationUrl}}", "dataRecipientBaseUrl": "{{baseUrl}}", "dataRecipientRedirectUrl": "{{redirectUrl}}", "createdDate": "2024-04-18T16:41:06.00Z", "modifiedDate": "2024-04-18T16:41:06.00Z", "submittedDate": "2024-04-18T16:41:06.00Z" } ] } ``` After the application is approved, Mastercard proceed to registering it with each supported FI. To check what FIs your application can access, use the following end point: API Reference: `GET /applications/{application_id}/institutions` ```sh curl --location --request GET 'https://api.openbanking.mastercard.com.au/applications/{{applicationId}}/institutions' \ --header 'Accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' ``` * Expected response: ```json { "found": 3, "displaying": 3, "moreAvailable": false, "institutions": [ { "institutionId": 2001065, "isAppRegistered": false }, { "institutionId": 2002006, "isAppRegistered": true }, { "institutionId": 2002007, "isAppRegistered": false } ] } ``` ## Dealing with Rejected Application Request {#dealing-with-rejected-application-request} If data provided during application registration does not meet requirements for production environment, such request will be rejected. When you request the status of your application request, the reason of rejection is mentioned in the `note` filed. API Reference: `GET /applications` ```sh curl --location --request GET 'https://api.openbanking.mastercard.com.au/applications?application_id={{applicationId}}' \ --header 'Accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' ``` * Expected response: ```json { "found": 1, "displaying": 1, "moreAvailable": false, "applications": [ { "applicationId": "{{applicationId}}", "status": "Rejected", "appName": "{{legalNameOfYourOrg}}", "appDescription": "{{appDescription}}", "legalEntityName": "{{legalName}}", "appUrl": "{{appWebsiteUrl}}", "policyUrl": "{{policyUrl}}", "dataComplaintsEmailAddress": "{{dataComplianceEmail}}", "image": "{{base64AppLogo}}", "copyrightLogo": "{{emailCopyrightLogo}}", "businessName": "{{emailCopyrightName}}", "fromEmail": "{{emailFrom}}", "replyToEmail": "{{emailReplyTo}}", "softwareId": "{{cdrSoftwareId}}", "orgId": "{{cdrOrgId}}", "note": "CDR policy URL is broken", "jwksUrl": "{{jwksUrl}}", "dataRecipientRevocationUrl": "{{revocationUrl}}", "dataRecipientBaseUrl": "{{baseUrl}}", "dataRecipientRedirectUrl": "{{redirectUrl}}", "createdDate": "2024-04-18T16:41:06.00Z", "modifiedDate": "2024-04-18T16:41:06.00Z", "submittedDate": "2024-04-18T16:41:06.00Z" } ] } ``` After you revisit the submitted data and ensure they are meeting the requirements, you can update your application details calling the following API: API Reference: `PUT /applications/{application_id}` * ADR: * Representative: ```sh curl --location --request PUT 'https://api.openbanking.mastercard.com.au/applications' \ --header 'accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "appName": "{{appName}}", "appDescription": "{{appDescription}}", "image": "{{base64AppLogo}}", "legalEntityName": "{{legalName}}", "appUrl": "{{appWebsiteUrl}}", "policyUrl": "{{policyUrl}}", "dataComplaintsEmailAddress": "{{dataComplianceEmail}}", "copyrightLogo": "{{emailCopyrightLogo}}", "businessName": "{{emailCopyrightName}}", "fromEmail": "{{emailFrom}}", "replyToEmail": "{{emailReplyTo}}", "orgId": "{{cdrOrgId}}", "softwareId": "{{cdrSoftwareId}}" }' ``` ```sh curl --location --request PUT 'https://api.openbanking.mastercard.com.au/applications' \ --header 'accept: application/json' \ --header 'App-Key: {{appKey}}' \ --header 'App-Token: {{appToken}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "appName": "{{legalNameOfYourOrg}}", "appDescription": "{{appDescription}}", "image": "{{base64OrgLogo}}" }' ``` * Expected response: ```json { "applicationId": "{{applicationId}}", "status": "Pending" } ``` Note: Once application update request is submitted or if you have any issues with the process, please notify your Mastercard Solution Engineer. ## Next Steps {#next-steps} * Once the application is approved and you receive an applicationId, you can create active [customers](https://developer.mastercard.com/open-finance-au/documentation/access-and-config/customers/index.md). * To learn more about Consent, which allows you to access your customer's accounts, refer to [Consent](https://developer.mastercard.com/open-finance-au/documentation/consent/index.md). * To learn more about Connect, which allows your customers to consent access to their accounts, refer to the [Connect Application](https://developer.mastercard.com/open-finance-au/documentation/connect/index.md). * For the full list of testing profiles available, refer to [Test Profiles](https://developer.mastercard.com/open-finance-au/documentation/integration-and-testing/test-the-apis/index.md).