Terms and Conditions

Open Bank Project Sandbox Terms of Service

1 Definitions

1.1 "TESOBE", "Provider" or "We" refers to TESOBE GmbH, the owner of the Open Bank Project intellectual property and the company that runs the Open Bank Project.

1.2 "Sandbox" refers to the technical development environment powered by Open Bank Project technology. The Open Bank Project provides an open banking platform for banks.

1.3 "User" or "You" or "Developer" refers to a user of the Open Bank Project Sandbox; a person or entity who will interact with the APIs, functions, and data provided by the Sandbox.

1.4 "Services" refers to the set of applications required for the proper functioning of the Sandbox, including but not limited to the OBP API and developer portal, API Explorer, API Manager, API Tester, authentication services, SDKs, email notifications, applications, and widgets, and any information, text, graphics, photos, logos, designs, page headers, button icons, scripts, service names, data, or other materials uploaded, downloaded, or appearing on the Services (collectively referred to as "Content").

2 Introduction

2.1 The aim of the Sandbox is to facilitate the rapid creation of innovative “FinTech” and banking-related applications leveraging the test data and Services provided by the Sandbox.

2.2 The basic use of the Sandbox is free to Developers. Some features are made available via subscriptions or "plans". The Provider has no obligation to use the applications or ideas created using the Sandbox or to buy or otherwise contract with the Users.

2.3 These Terms of Service ("Terms") govern your access to and use of the Services. Your access to and use of the Services are conditioned on your acceptance of and compliance with these Terms in full. By accessing or using the Services, you agree to be bound by these Terms. If you disagree with these Terms or any part of them, you must not use these Services.

2.4 If there is a conflict between this Agreement and the general Open Bank Project terms of use, this Agreement will prevail.

2.5 You will be deemed to have accepted the terms of this Agreement as soon as you start using the Services.

3 Who Can Join

3.1 Each User should register for a developer account before accessing the Services.

3.2 Users must be 13 years or over unless they are accompanied by a responsible guardian. Proof of date of birth or permission may be requested.

3.3 The Provider may limit certain functionalities of the Sandbox to certain Users or to certain subscriptions or plans.

3.4 The Provider reserves the right to refuse entry or remove a User from the Sandbox at their sole discretion at any time for any reason.

4 Responsibilities

4.1 Provider Responsibilities

TESOBE commits its best efforts to provide the following:

  • A stable and secure Sandbox environment available as per the SLA below

  • Monitoring and maintenance of the Sandbox

  • Periodic updates

  • Test Data that can be used by Users in their applications

  • Clear Documentation for the available APIs and code examples in selected programming languages

  • Support to the Users as per the SLA below

4.2 User Responsibilities

You acknowledge and agree that you:

  • Will use the Sandbox in a reasonable manner as defined in the Acceptable Use below

  • Shall provide accurate information and reasonable assistance to the Provider in relation to your use of the Services when required

  • Will never try to de-anonymize personal data when available

  • Will only upload data that belongs to You

  • Explicitly notify your users that the application uses a Sandbox instance powered by Open Bank Project and uses test data

  • Will never use the Sandbox with an intention to harm or be deceitful to end users

  • Will consider contributing to the Open Bank Project open-source project with new features, requests, or bug fixes.

5 Applicable Fees

5.1 The Sandbox is free for developers to use.

6 Data Provenance

6.1 Some data has been generated by the Provider. In general, it is test data involving no real customer information. However, depending on the endpoint and/or OBP instance you are using, a combination of synthetic and anonymized data may be available.

6.2 It may be possible to upload your own dataset to the Sandbox. You must not upload "production" data but rather test or synthetic data for application development testing. Please see the available subscriptions / plans. If you wish to work with production data, please get in touch with the Provider.

7 Available APIs


This Sandbox offers a catalogue of over 600 RESTful APIs.


In general, you can build customer-facing Apps meant to be used by bank account holders, using data from this private account and involving accounts, transactions, balances, metadata, entitlements, payments, onboarding and KYC, such as Personal Finance Management Solutions, online accounting services, saving apps, P2P payment, etc.


You can see a sample list of available APIs below:

  • Banks

  • Users

  • Customers

  • Accounts

  • Counterparties

  • FX

  • Transactions

  • Payments & Transaction Requests

  • Branches & ATMs

  • Products

  • KYC

  • Transaction and Counterparty metadata enrichment

  • Entitlements & Views

  • Manage credit/debit cards


For a full list of all available APIs, please refer to the API Explorer of this Sandbox. You can find it here.

8 Maintenance & Service-Level Agreement (SLA)


Our commitment to availability of the Services is limited to the Services and includes neither possible discomfort nor technical problems and/or any type of external connection. However, TESOBE will use its reasonable endeavours to provide the best possible quality of service and to maintain the Sandbox so as not to cause disruption to its users.


TESOBE reserves the right to plan and carry out service interruptions for tests, updates, network traffic improvement operations, or other reasons.

9 Data Privacy


TESOBE is committed to privacy and commits to never share the end-user’s identifiable data with a third party. See Privacy Statement in annex for more details.




You may cache data for up to one week.


You must not resell the data to others. The exceptions to this are any Open Data Feeds that the account holder may define.

10 Account Creation & Authentication


To start using the Services, Users need to create an account on the Sandbox.


Developers are provided with Consumer Keys which are enabled by default. The Provider or its partners may review and disable Consumers.


The Sandbox supports four authentication methods:

  • OAuth 1.0a (industry standard, secure, used by Mastercard and Twitter)

  • OAuth 2 + OpenID Connect from providers such as Google.

  • Direct Login (easier to use than OAuth, useful for hackathon contexts and trusted applications, uses JWT)

  • Gateway login only if specifically enabled for a trusted internal environment.


For ease of use, we recommend Direct Login when using this sandbox.

11 Branding, Trademarks, Intellectual Property


The developer may mention that their applications are “powered by Open Bank Project” but should not use Open Bank Project or TESOBE logos in their applications.


TESOBE, Open Bank Project, openbankproject.com and other Open Bank Project graphics, logos, designs, page headers, button icons, scripts, and service names are registered trademarks, trademarks or trade dress of TESOBE. Open Bank Project’s trademarks and trade dress may not be used in connection with any product or service without the prior written consent of TESOBE. Non-compliance may become a reason for shutting off applications.


TESOBE remains the copyright holder of the Open Bank Project brand, Sandboxes, source code and logos and shall own and retain all right, title and interest, all improvements, enhancements or modifications and all intellectual property rights related to any of the foregoing.


All intellectual property rights in the ideas and applications of a User shall remain vested in the participant who owns them.


Any third party intellectual property rights shall remain vested in the third party or third parties who own them.


In a hackathon context, third party intellectual property rights must be clearly identified by the hackathon participants as well as the applicable terms of licence and other details relating to use of same.


Hackathon participants agree that they will not infringe the copyright, design, database right or trademark or any other intellectual property rights of any third party including of TESOBE.

12 API Versioning


API Versions. It is understood that TESOBE will periodically deploy new versions of the API sandbox to incorporate new features and fixes. TESOBE will periodically retire API versions as per the policy below.


API Version Naming, compatibility and lifetime. For versions greater than 2.2.0, the API versioning used by OBP is based on SemVer (http://semver.org/), i.e. X.Y.Z, where X is the major version, Y is the minor version and Z is the patch.


The version can be specified via the URL e.g. /obp/v1.2.1/banks

Note that you cannot specify build versions (e.g. v1.2.1+r3456) via the URL.


If you want to be sure to get a certain version, specify the full patch, e.g. 1.3.4. If you do not specify a patch version, e.g. 1.3 instead of 1.3.4, we may return the highest patch version available for that minor version, i.e. 1.3.9.


TESOBE ensures that the last three minor versions are available on the OBP API server. e.g. if versions 2.3.0, 2.4.0 and 3.0.0 are available on the server and 3.1.0 is added, 2.3.0 may be removed as long as the minimum lifetime of a minor version is respected.


The minimum lifetime of a minor version is 6 months.


Developers should check the root endpoint for API status regarding end of life.


Versions marked as -alpha or -draft are subject to change without notice.


Build versions may change without notice.

13 Acceptable use


You must not use the Service in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services; or in any way which is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.


You must not use the Service to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software.


You must not use the Service to store, host, transmit, send, use or distribute any content which is obscene, indecent, pornographic, seditious, offensive, defamatory, threatening, liable to incite racial hatred, menacing, blasphemous, misleading, deceptive, or otherwise defined as objectionable content.


You must not use the Service to transmit or send unsolicited commercial communications.


You must not use the Service for any purposes related to marketing without the Provider's express written consent.


Fair Usage Policy - TESOBE maintains a fair usage policy to ensure stable and fast service to all users and to protect from DDoS attacks. Sandbox accounts may be rate limited. Any additional usage may result in restrictions on your account including limited access to the service or a requirement to upgrade if the limit is exceeded for several months.

14 Subscriptions to Plans

The Provider may provide certain features via monthly subscriptions to plans. In such a case, if your subscription lapses any data you have uploaded may become unavailable. It is recommended that you keep a backup of data you upload or generate. You can also use the provided APIs to download the data you have created during a subscription period whilst your subscription is still active.

15 Termination


The Provider may terminate or suspend any and all Services and/or your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach terms and privacy rules, undesirable content rules, commercial restrictions or usage limits.


Where any of the factors for suspension cease to exist, the Provider reserves the right to reinstate your account.

16 Document Name

The name of this document is 2014-04-30-TESOBE-OBP-API-SANDBOX-rev1

Privacy Policy

OBP Sandbox Privacy Policy

This policy explains what personal information we (Open Bank Project/TESOBE GmbH) collect, how it is used and shared, and what you can do with it. It applies to the API sandbox instance web sites at apisandbox.openbankproject.com, and all related web sites, downloadable software, API platform, mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Policy is displayed, and all other communications with individuals through written or oral means, such as email or phone (collectively, together with the Site, our "Service").

The Service is provided by TESOBE GmbH (herewith "TESOBE"); for contact details, see below.

1. Our Philosophy

  • Data Minimisation: We treat your privacy seriously. We only collect the minimum personal data necessary to provide our Service. We do not sell your information and will not share it with a third party without your prior consent.
  • Data Sovereignty: You own the content and data you provide to us. It’s yours, not ours, and you are entitled to access it, update it and ask us to delete it any time.
  • Privacy by design: Our Service, software and processes are designed with privacy in mind. We do not store your data longer than necessary and we make sure it’s easy for you to request a copy or to request that it be deleted.
  • Open by default: To the extent that we can, everything we do is in the open. We strive to put our source code and processes under open source licences, free for people to review. We will inform you should there be any changes in our rules.

2. What information do we collect?

We collect different types of information from or through the Service. The most common personal information we collect is your email address. We seldom ask for your name or address unless we need it to, for example, issue an invoice. The legal basis for processing your personal data is primarily our legitimate interests. We may also process data upon your explicit consent (for instance when joining our newsletter).

2.1. Information collected automatically

When you use our Service, we may automatically record certain information such as your IP address, web browser and/or device type. We also may collect information regarding your interaction with email messages we send, such as whether you opened, clicked on, or forwarded a message sent to you. This helps us understand how to improve our site and services.

2.2. Information you provide

We collect information you provide to us when you register details on our Services. We may collect and use the following kinds of personal information:

  • Information about your use of the services;
  • Information that you provide for the purpose of registering with the website (including your personal names, e-mail addresses, location, encrypted password);
  • Information that you provide for the purpose of subscribing to the website services (including your end user ID, App name, etc.);
  • Any other information that you send to TESOBE.

2.3. Information provided by others

We collect information about you from other sources such as:

  • Our partners when they recommend you or include you in communications with us including from the Bank
  • Via social media accounts of another user if your settings permit it. For example, if you are someone’s friend on Facebook and haven’t restricted the availability of your data in a common feature/app that you both use.
  • Through publicly available information and online business networks, for example: LinkedIn

If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

2.4. Minors

While people of all ages may access our Service, we do not intentionally collect information about people under 13 years old. You must be 13 years old or over to sign up or submit any personal information through our Service. If you believe a person under 13 years old has provided us with their personal information, or have any concerns regarding this aspect of our policy, please get in touch.

3. Intended Use of Personal Information

We use personal information we collect to provide our services, to improve and optimise what we do, and to protect you and TESOBE GmbH. We may use this information to:

3.1. Operate

We use the collected information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support, as well as to do business with you (e.g. issue an invoice) and comply with the law (e.g. tax & employment information).

3.2. Communicate

We may use your email address to get in touch. The reason may be:

1) To inform you about our latest news through our monthly newsletter
2) To invite you to events that we or our partners organise
3) Other administrative tasks such as customer service, surveys or right of privacy violation

You have the ability to opt-out of receiving any promotional communications as described below under "Your Rights".

3.3. Customise & Improve

We might use the collected information to understand and analyze traffic on our services in order to improve the overall experience, and to develop new products, services, features, and functionality. We might use automatically collected information and other information collected on the Service through cookies and similar technologies to personalize our Service, e.g. to remember your login information so that you do not have to enter it again each time you log on. See our Cookie policy for further details.

4. To Whom We Disclose Information

  • We will not intentionally disclose your Personal information to any third party without your consent unless it is required by law.
  • We use third parties to process your information on our behalf but these services cannot share your data with anyone (see more information in section 8 "Third Party Access").
  • If TESOBE ceases trading, is acquired by or merged with another company, we will inform you in advance and give you the option of downloading and deleting your data.

5. Your Rights

5.1. Access, Update, Export & Deletion

If you wish to access or amend any Personal Data we hold about you, or to request that we delete, export or transfer any information about you, you may contact us as explained in the "How to Contact Us" section or email us with your request at mydata@tesobe.com. At your request, we will have any reference to you deleted or blocked in our database. It may take up to 10 days to process your request.

Please note that there are some records we are required to keep for other regulatory reasons, such as for finance, tax and employment purposes.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy as granted by applicable data protection laws has been infringed upon, please contact us at mydata@tesobe.com. You also have a right to lodge a complaint with data protection authorities.

5.2. Commercial Communication Opt-out

If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the "How to Contact Us" section.

6. Data Retention

We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for only as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We regularly review our records to remove or anonymise data if it should no longer be retained. Some records we are required to retain by law for certain lengths of time. These include data retained for tax and employment purposes.

7. Security

We follow industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data as per our information security policy (available on request).

Some of the security measures we use include firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission over the public internet.

However, we cannot guarantee the total security of any information you transmit to us or which you store on the Service, and you do so at your own risk. If we are informed of a data breach we will contact the relevant authorities and those affected within 72 hours of discovery. If you believe your Personal Data has been compromised, please contact us as explained in the "How to Contact Us" section.

8. Third Party Access

To be able to deliver our Service in a proper way, we use a number of third party services that process your data on our behalf. This is to achieve such tasks as the operation of our email, the hosting of this website and management of documents. We keep an up-to-date list of these third parties that we can share with you should you request it. Some of those third parties include: PipeDrive, MailChimp, Google and Slack.

These third party services are not permitted to share your data with anyone. Most of the websites and services we operate are hosted in Germany; where a company is not based in Germany or the European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per applicable European law.

9. Cookie Policy

We use automatically collected information and other information collected on the Service through cookies and similar technologies to manage sessions and personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits. The cookies we collect are:

  • strictly necessary/essential cookies - These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. These cookies don’t collect information that identifies you.
  • performance cookies - These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
  • functionality cookies - These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and to provide enhanced, more personalised features.

10. Changes to Privacy Policy

When we make changes to this policy we will inform registered users and our customers before changes take effect. The date at the bottom of this page will also be updated to reflect the effective date of any changes. We will also archive the older version of the policy.

11. How to Contact Us

TESOBE is the company behind the Open Bank Project. You can contact us via:

Osloer Strasse 16/17
D-13359 Berlin, Germany
Tel. +49 (0)30 8145 3994

X/Twitter: @OpenBankProject

Email: contact@tesobe.com

For any data privacy issue or query about this privacy policy, please email mydata@tesobe.com

Last update: May 3, 2024

Annex I - List of Sub-processors

TESOBE uses a range of third party Sub-processors to assist it in providing the Service (as described in the Privacy Policy). These Sub-processors set out below provide cloud hosting and storage services; content delivery and review services; assist in providing customer support; as well as incident tracking, response, diagnosis and resolution services.

| Entity Name | Corporate Location |
|-------------|--------------------|
| Amazon AWS  | USA                |
| Eventbrite  | USA                |
| GitHub      | USA                |
| Google      | USA                |
| Hetzner     | Germany            |
| MailChimp   | USA                |
| PipeDrive   | USA                |
| VarioMedia  | Germany            |