> ## Documentation Index
> Fetch the complete documentation index at: https://docs-sandbox.sparkle.fyi/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Get started with the Open Banking API in minutes

# Quickstart Guide

Get up and running with the Open Banking API in just a few minutes. This guide will walk you through registering your application, authenticating, and making your first API call.

## Prerequisites

Before you begin, ensure you have:

* Valid contact information (name, email address, phone number, and address)
* A valid business email address
* Basic knowledge of REST APIs and OAuth 2.0
* A secure HTTPS redirect URL for OAuth 2.0 callbacks
* A development environment ready

## Quick Start

<Steps>
  <Step title="Register Application">
    **First, Register your application** using [Dynamic Client Registration API](/guides/developer-onboarding) and get your credentials (client id and secret)

    <Accordion title="Sample Request">
      <CodeGroup>
        ```bash cURL theme={null}
        curl -X POST ${AUTH_BASE_URL}/dcr \
          -d '{
            "username": "ciroma.chukwuma@adekunle.com",
            "password": "veryStrongPassword",
            "app_name": "Test Open Banking App",
            "app_description": "My Test Open Banking App",
            "app_developer_name": "Fantastic Fintech Ltd",
            "app_developer_address": "Plot 35, Okokomaiko Lane, Lagos",
            "app_developer_contact_email": "ciroma.chukwuma@adekunle",
            "app_developer_contact_phone": "04022404014",
            "redirect_url": "https://myapps.com/callback"
        }'
        ```

        ```javascript JavaScript theme={null}
        const response = await fetch('${AUTH_BASE_URL}/dcr', {
          body: new Body({
            username: 'ciroma.chukwuma@adekunle.com',
            password: 'veryStrongPassword',
            app_name: 'Test Open Banking App',
            app_description: 'My Test Open Banking App',
            app_developer_name: 'Fantastic Fintech Ltd',
            app_developer_address: 'Plot 35, Okokomaiko Lane, Lagos',
            app_developer_contact_email: 'ciroma.chukwuma@adekunle.com',
            app_developer_contact_phone: '04022404014',
            redirect_url: 'https://myapps.com/callback'
          })
        });

        const credentials = await response.json();
        console.log('Credentials:', credentials);
        ```

        ```python Python theme={null}
        response = requests.get('${API_BASE_URL}/v1/openapi/accounts', data={
                'username': 'ciroma.chukwuma@adekunle.com',
                'password': 'veryStrongPassword',
                'app_name': 'Test Open Banking App',
                'app_description': 'My Test Open Banking App',
                'app_developer_name': 'Fantastic Fintech Ltd',
                'app_developer_address': 'Plot 35, Okokomaiko Lane, Lagos',
                'app_developer_contact_email': 'ciroma.chukwuma@adekunle.com',
                'app_developer_contact_phone': '04022404014',
                'redirect_url': 'https://myapps.com/callback'
            })

        credentials = response.json()
        print('Credentials:', credentials)
        ```
      </CodeGroup>
    </Accordion>

    <Note>
      In sandbox, you'll receive credentials immediately whereas in production, the credential status will be `PENDING_APPROVAL`. Once approved by Sparkle team, you will be notified, you can call the GET /dcr API to retrieve your credentials.
    </Note>
  </Step>

  <Step title="Authenticate customer and get their authorisation to access their resoruces">
    **[Authenticate customer and get their approval](/api-reference/authentication)** to access their resources (e.g. Account information resources, Payment Initiation etc). There are 4 main method for authorisation, choose whichever is most applicable:

    * **Device Code Authorisation** - For dumb devices i.e. where customer `does not` have the capability to complete Sparkle authentication on a desktop computer or smart phone i.e. they can only authenticate via USSD or SMS
    * **Authorisation code** - For smart devices i.e. where customer has capability to complete Sparkle authentication on a desktop computer or smart phone
    * **Authorisation code with PKCE** - For smart (unsafe) devices e.g. Single Page Applications
    * **Client Credentials** - For API resources that does not require customer consent/approval e.g. Get Biller Categories

    Sample code that shows how to implement OAuth 2 authorisation

    <Accordion title="Sample Request">
      <CodeGroup>
        ```javascript JavaScript theme={null}

        // Authorisation via PKCE challenge
        const generatePKCE = () => {
          const codeVerifier = crypto.randomUUID();
          const codeChallenge = btoa(codeVerifier);
          return { codeVerifier, codeChallenge };
        };

        // Step 1: Redirect user to authorization URL
        const { codeVerifier, codeChallenge } = generatePKCE();
        const authUrl = `${AUTH_BASE_URL}/oauth/authorize?` +
          `client_id=${credentials.client_id}&` +
          `redirect_uri=${encodeURIComponent(credentials.redirect_urls[0])}&` +
          `response_type=code&` +
          `scope=accounts payments&` +
          `code_challenge=${codeChallenge}&` +
          `code_challenge_method=S256`;

        window.location.href = authUrl;

        // Step 2: Exchange authorization code for access token
        const exchangeCodeForToken = async (code) => {
          const response = await fetch('${AUTH_BASE_URL}/oauth/token', {
            method: 'POST',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded'
            },
            body: new URLSearchParams({
              grant_type: 'authorization_code',
              client_id: credentials.client_id,
              client_secret: credentials.client_secret,
              code: code,
              redirect_uri: credentials.redirect_urls[0],
              code_verifier: codeVerifier
            })
          });

          const tokenData = await response.json();
          return tokenData.access_token;
        };
        ```

        ```python Python theme={null}
        import base64
        import hashlib
        import secrets
        import requests

        // Authorisation via PKCE challenge
        def generate_pkce():
            code_verifier = secrets.token_urlsafe(32)
            code_challenge = base64.urlsafe_b64encode(
                hashlib.sha256(code_verifier.encode()).digest()
            ).decode().rstrip('=')
            return code_verifier, code_challenge

        # Step 1: Generate authorization URL
        code_verifier, code_challenge = generate_pkce()
        auth_url = f"${AUTH_BASE_URL}/oauth/authorize?" + \
            f"client_id={credentials['client_id']}&" + \
            f"redirect_uri={credentials['redirect_urls'][0]}&" + \
            f"response_type=code&" + \
            f"scope=accounts payments&" + \
            f"code_challenge={code_challenge}&" + \
            f"code_challenge_method=S256"

        print(f"Redirect user to: {auth_url}")

        # Step 2: Exchange authorization code for access token
        def exchange_code_for_token(code):
            response = requests.post('${AUTH_BASE_URL}/oauth/token', data={
                'grant_type': 'authorization_code',
                'client_id': credentials['client_id'],
                'client_secret': credentials['client_secret'],
                'code': code,
                'redirect_uri': credentials['redirect_urls'][0],
                'code_verifier': code_verifier
            })
            
            token_data = response.json()
            return token_data['access_token']
        ```
      </CodeGroup>
    </Accordion>
  </Step>

  <Step title="Make API call">
    **Make your first API call** to retrieve customer information

    Now you can make API calls using your access token:

    <Accordion title="Sample Request">
      <CodeGroup>
        ```bash cURL theme={null}
        curl -X GET ${API_BASE_URL}/v1/openapi/accounts \
          -H "Authorization: Bearer ${YOUR_ACCESS_TOKEN}" \
          -H "idempotency_key: ${IDEMPOTENCY_KEY}" \
          -H "signature: ${SIGNATURE}"
        ```

        ```javascript JavaScript theme={null}
        const response = await fetch('${API_BASE_URL}/v1/openapi/accounts', {
          headers: {
            'Authorization': `Bearer ${ACCESS_TOKEN}`,
            'idempotency_key': ${IDEMPOTENCY_KEY},
            'signature': ${SIGNATURE}
          }
        });

        const accounts = await response.json();
        console.log('Accounts:', accounts);
        ```

        ```python Python theme={null}
        response = requests.get('${API_BASE_URL}/v1/openapi/accounts', headers={
            'Authorization': f'Bearer {access_token}',
            'idempotency_key': ${IDEMPOTENCY_KEY},
            'signature': ${SIGNATURE}
        })

        accounts = response.json()
        print('Accounts:', accounts)
        ```
      </CodeGroup>
    </Accordion>
  </Step>

  <Step title="Build your application">
    **Build your application** using our [comprehensive APIs](/api-reference/introduction)
  </Step>
</Steps>

<Button href="/quickstart" size="sm">
  Get Started
</Button>

## Next Steps

Congratulations! You've successfully:

1. ✅ Registered your application
2. ✅ Implemented OAuth authentication
3. ✅ Made your first API call

Now you can explore more features:

* [Customer Management](/guides/customers) - Manage customer information and relationships
* [Account Information](/api-reference/accounts) - Get detailed account data
* [Transfers](/guides/transfers) - Process money transfers between accounts
* [Bill Payment](/guides/bill-payment) - Process money transfers between accounts
* [Card Management](/guides/card-management) - Manage Payment Cards
* [Loan Information](/guides/loans) - Access customer Loan Information

<Button href="/guides/developer-onboarding" size="sm">
  Onboard as a Developer
</Button>

<Note>
  Remember to store your credentials securely and never expose them in client-side code.For Single Page Applications (SPA), use OAuth 2.0 with PKCE.  Always use environment variables for sensitive information.
</Note>
