# Reference Implementation
source: https://developer.mastercard.com/open-finance-data/documentation/reference-application/index.md

### Account Opening Reference Application {#account-opening-reference-application}

The Account Opening Reference Application is available here as a zip file:
[reference-app.zip](https://static.developer.mastercard.com/content/open-finance-data/documents/reference-app.zip) (47KB)

#### What it is and why it matters {#what-it-is-and-why-it-matters}

This reference application is a downloadable, minimal implementation of the Account Opening happy path that you can run end-to-end. It is designed for developers integrating with our APIs and demonstrates the correct API call sequence, with full request/response payloads and headers logged to the console, so you can quickly understand the flow and copy working code into your own implementation.

The application performs OAuth 2.0 client credentials with JWT assertion, creates consent, initiates a managed or self-hosted flow, retrieves accounts (including holders), and returns one of the following outcomes: Verified, Not verified, or Inconclusive. Use it to de-risk your integration early and validate sequencing, payloads, and headers before wiring the flow into your stack.
Note: **Production readiness:** This starter code is intentionally minimal. Production implementations should add robust error handling, retries, observability, and security best practices.

#### Where it fits in the flow {#where-it-fits-in-the-flow}

The application maps one-to-one to the steps in this guide:

|      **Module**       |                                   **Implementation**                                   |
|-----------------------|----------------------------------------------------------------------------------------|
| Authentication module | JWT creation and signing, token lifecycle management                                   |
| Consent module        | PSU identifiers and scopes for Account Opening                                         |
| Flow orchestration    | Managed or self-hosted, redirect handling, state validation, correlation identifiers   |
| Data module           | `GET /accounts?include=holders` with deterministic account selection and name matching |

The app runs against the European Union sandbox, logs consent and flow identifiers for traceability, and keeps configuration (base URL, client identifier, key identifier, redirect URL) in environment variables, so you can switch regions/environments without code changes.

#### What you will do next {#what-you-will-do-next}

* Download the reference application and run it from the console.
* Set environment variables and keys/certificates.
* Start the application and use the built-in route to create consent and launch the flow.
* Complete the bank redirect.
* Review console logs for full request/response details and lifecycle progression.
* Review the returned account/holder data feeding the decision.
* Copy relevant snippets into your own application (or use the structure as your baseline), then extend with production-grade logic as needed.