🕒 5 minute read

Walkthrough – Creating an Application

Step 1 – Navigate to '+ New Application'

1. Navigate to your organisation.
2. Open the Applications section.
3. Click + New Application.

Step 2 – Select the application roles

1. Select the roles for your application. Roles define what the application is permitted to do. You can assign multiple roles, but only roles that are already assigned to your organisation are available for selection.

Choose roles carefully — they can't be changed later

The roles you select here determine what this application is permitted to do. Once the application has been registered with an LFI, editing its roles in the Trust Framework has no effect. If the roles later need to change, you must disable the existing application, create a new one with the correct roles, and register it again. Make sure the selected roles (BSIP, BDSP, ISP) match the app's intended functionality before continuing.

Step 3 – Provide the Client Details

1. Client Name — enter a clear, human-readable name that identifies this application (e.g. My TPP – Production). This name may be visible to users during consent flows.
2. Software Version — enter the version of your software (e.g. 1.0.0). Use a consistent versioning scheme so you can distinguish between releases in the directory.
3. Logo — upload a clear, recognisable logo. This image is shown to users on the redirect screen when returning from an LFI, so it should accurately represent the application to a User.
4. Federation — we recommend setting Federation to Enabled and Federation Entity Management Type to Managed. This allows the Trust Framework to automatically publish and maintain your application's federation metadata, so LFIs can discover and validate your client without manual configuration.

Step 4 – Provide the Redirect URI

1. Enter the Redirect URI — the HTTPS endpoint(s) in your application that the LFI will redirect the user back to after authentication or authorisation. The redirect_uri sent in the PAR request must exactly match one of the values registered here.

INFO

You can register multiple redirect URIs if your application requires them (e.g. separate URIs for different environments). See Redirect URIs for full guidance.

Step 5 – Add Webhook URIs (optional)

If your application will receive event notifications via webhooks (e.g. consent or payment status updates), enter one or more API Webhook URIs. These work in the same way as redirect URIs — multiple values are allowed, and the subscription.Webhook.Url in each consent must exactly match one of the values registered here. If you are not using webhooks, leave this field blank. See Webhooks for full guidance.

Step 6 – Finish creating the application

1. Click through to Create and register the application.

Your Client ID

Once your application is created, the Trust Framework assigns it a Client ID — a UUID that permanently identifies this application. You will use this value as client_id, iss, and sub in every JWT you sign, including Client Assertions and Request JWTs. Keep a note of it.

Click to expand

Where to find it later

Your Client ID is always visible on the application detail page in the Trust Framework Directory. If you need to retrieve it again, navigate to your Organisation → Applications → select the application.