Skip to main content

Wych Compliance Validation API

How early is too early to discover compliance issues?

Wych Compliance Validation helps Data Holders find open banking compliance issues before they become release, audit, or production problems.

This API is designed for developers, testers, and compliance teams who need to validate Data Holder implementations against expected open banking behaviours. It can be used during development, system integration testing, release validation, and automated build pipelines.

What you can do with this API

Using this API, you can:

  • run compliance checks against Data Holder APIs
  • validate public, protected, and administrative endpoint behaviour
  • retrieve validation executions and results
  • inspect validator outcomes and response details
  • capture evidence for remediation and audit readiness

How the API works

The Compliance Validation API typically follows this flow:

  1. configure the target Data Holder endpoint or test context
  2. execute a validation request
  3. retrieve the execution result
  4. review validator outcomes and response details
  5. use the results to remediate issues or support release evidence

Shift-left compliance testing

Compliance issues are easier to resolve when they are found early.

Wych Compliance Validation supports a shift-left approach by allowing teams to test Data Holder behaviour before release. This helps reduce late-stage rework, improves confidence in implementation quality, and provides evidence that can support internal governance, audit, and readiness activities.

Typical use cases

Use the Compliance Validation API for:

  • development-time validation of Data Holder endpoints
  • regression testing before release
  • automated validation in build or deployment pipelines
  • evidence capture for compliance and audit activities
  • investigation of failed or inconsistent open banking behaviours

Authentication

Protected API requests require the authentication method configured for your Wych environment.

Use the API reference to confirm the required headers, tokens, and request payloads for each endpoint.

Next steps

Start with the execution endpoints to run a validation, then use the result and validator endpoints to inspect the outcome.