# POST /v1/oauth2/authorization_code

Archived documentation

This documentation refers to V1.6. See Release Notes for more information.

# Overview

This endpoint creates a redirect URI with an authorization code to be used by an FI to redirect a PSU back to a TPP.

https://sandbox.konsentus.com/v1/oauth2/authorization_code

# Request Properties

# Headers

- `Authorization` (string, REQUIRED): Basic Auth header.
- `fi_reference_id` (string, REQUIRED): A string representing the FI authenticating with the system.

Authentication Headers

- `x-eidas` (string, REQUIRED): Base64-encoded eIDAS certificate.

eIDAS Certificate Headers

- `Content-Type` (string, REQUIRED): Must be set to `application/json`.

# Body Parameters

- `account_id` (number, REQUIRED): A unique and never reassigned subject identifier from the FI for the PSU's account.
- `psd2_role` (string, REQUIRED): The PSD2 role of the TPP. This field must be set to one of the following values: `PSP_PI`, `PSP_AI`, `PSP_AS`, `PSP_IC`. Note: Payment (`PSP_PI`) tokens cannot be revoked.
- `client_request_query_parameters` (object, REQUIRED): The request object from the TPP, forwarded by the FI.
  - `tpp_id` (string, REQUIRED): A client identifier for a TPP matching the unique identifier they are registered with on the CA.
  - `response_type` (string, REQUIRED): Specifies that your application is requesting an authorization code grant. This field should be set to `code`.
  - `redirect_uri` (string, REQUIRED): The redirect URI registered by the TPP with the QTSP. The TPP should preregister this URI, but not with Konsentus; it is currently unclear exactly where it should be registered, and the current working assumption is that it will be registered with the QTSP.
  - `scope` (string, REQUIRED): The scopes requested by the TPP for access to the PSU's details from the FI.
  - `state` (string, OPTIONAL): An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter is used for preventing cross-site request forgery.

# Request Body Example

```json
{
  "account_id": "12345678",
  "psd2_role": "PSP_PI",
  "client_request_query_parameters": {
    "response_type": "code",
    "tpp_id": "PSDGB-FCA-kt-484347",
    "redirect_uri": "https://www.google.com",
    "scope": "pay",
    "state": "example-state"
  }
}
```

The `state` field is optional.

# Response Properties

- `data` (object): Response data.
- `code` (string): The authorization code generated by Konsentus, used in a request for a token. The lifetime of the authorization code is 60 seconds. The authorization code MUST NOT be used more than once. If an authorization code is used more than once, the request will be denied. The authorization code is bound to the client identifier and redirection URI.
- `state` (string): The state, if provided in the request.
- `base_uri` (string): The `redirect_uri` provided in the request.
- `full_uri` (string): The full URI, composed of the base URI, the access code and state, that can be used by the FI to redirect back to the TPP.
- `error` (string): A single ASCII error code as specified by OAuth 2.0.
- `error_description` (string): Human-readable ASCII text providing additional information, used to assist the client developer in understanding the error that occurred, as specified by OAuth 2.0.
- `error` (object): See error documentation for fields and descriptions.

# Responses

# 201

Request received, authorization code returned.

```
{
  "data": {
    "redirect_uri": {
      "base_uri": string,
      "parameters": {
        "code": string,
        "state": string OPTIONAL
      },
      "full_uri": string
    }
  }
}
```

# 400

Request received, but parameters are missing or malformed.

```
{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}
```

# 401

Unable to authorize.

```
{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}
```

# 403

Forbidden.

```
{
  "data": {
    "redirect_uri": {
      "base_url": string,
      "parameters": {
        "error": string,
        "error_description": string,
        "state": string
      },
      "full_uri": string
    }
  },
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}
```

# Response Example

# 201 CREATED

# Success:

```json
{
  "data": {
    "redirect_uri": {
      "base_uri": "https://www.google.com",
      "parameters": {
        "code": "48968085-dfab-4672-a578-1ab88b77b57d",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?code=48968085-dfab-4672-a578-1ab88b77b57d&state=example-state"
    }
  }
}
```
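An added example, not Konsentus code: one way an FI could build the request body and then check a 201 response against what it sent before redirecting the PSU's browser to `full_uri`. The function names and the `RedirectMismatch` exception are assumptions; field names and sample values are the ones shown on this page, and no network call is made.

```python
from urllib.parse import urlsplit, parse_qs
PSD2_ROLES = {"PSP_PI", "PSP_AI", "PSP_AS", "PSP_IC"}  # values listed on this page
REQUIRED = ("tpp_id", "response_type", "redirect_uri", "scope")

class RedirectMismatch(ValueError):
    """Hypothetical error: the response disagrees with what the FI sent."""

def build_body(account_id, psd2_role, tpp_query):
    """Build the request body from the TPP's forwarded query parameters."""
    if psd2_role not in PSD2_ROLES:
        raise ValueError(f"unsupported psd2_role: {psd2_role!r}")
    missing = [k for k in REQUIRED if not tpp_query.get(k)]
    if missing:
        raise ValueError(f"missing required parameters: {missing}")
    if tpp_query["response_type"] != "code":
        raise ValueError("response_type must be 'code'")
    params = {k: tpp_query[k] for k in REQUIRED}
    if "state" in tpp_query:  # optional, forwarded untouched
        params["state"] = tpp_query["state"]
    return {"account_id": account_id, "psd2_role": psd2_role,
            "client_request_query_parameters": params}

def checked_redirect(sent_body, response):
    """Return full_uri only if it is consistent with the request that was sent."""
    sent = sent_body["client_request_query_parameters"]
    ru = response["data"]["redirect_uri"]
    params = ru["parameters"]
    if ru["base_uri"] != sent["redirect_uri"]:
        raise RedirectMismatch("base_uri is not the redirect_uri that was sent")
    if params.get("state") != sent.get("state"):
        raise RedirectMismatch("state was not echoed unchanged")
    full, base = urlsplit(ru["full_uri"]), urlsplit(ru["base_uri"])
    if full[:3] != base[:3]:  # scheme, host and path must match base_uri
        raise RedirectMismatch("full_uri does not point at base_uri")
    query = parse_qs(full.query)
    if query.get("code") != [params.get("code")]:  # also fails if code is absent
        raise RedirectMismatch("code in full_uri differs from parameters.code")
    if query.get("state", [None]) != [params.get("state")]:
        raise RedirectMismatch("state in full_uri differs from parameters.state")
    return ru["full_uri"]

# Sample values taken from the request and 201 examples on this page.
BODY = build_body("12345678", "PSP_PI", {"response_type": "code",
    "tpp_id": "PSDGB-FCA-kt-484347", "redirect_uri": "https://www.google.com",
    "scope": "pay", "state": "example-state"})
CODE = "48968085-dfab-4672-a578-1ab88b77b57d"
SAMPLE_201 = {"data": {"redirect_uri": {"base_uri": "https://www.google.com",
    "parameters": {"code": CODE, "state": "example-state"},
    "full_uri": f"https://www.google.com?code={CODE}&state=example-state"}}}
```

Because the code lives for 60 seconds and is single-use, the redirect should be issued immediately after the check passes.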

# 403 FORBIDDEN

```json
{
  "data": {
    "redirect_uri": {
      "base_url": "https://www.google.com",
      "parameters": {
        "error": "invalid_scope",
        "error_description": "Invalid scope provided",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?error=invalid_scope&error_description=Invalid%20scope%20provided&state=example-state"
    }
  },
  "errors": [{
    "id": null,
    "code": "psd2_roles_invalid",
    "title": "The PSD2 role provided in the request is invalid. Check that the role you are requesting is a valid. Refer to our API documentation to look up PSD2 roles supported.",
    "link": "https://docs.sandbox.konsentus-dev.com/api-reference/error-codes.html"
  }]
}
```

Last Updated: 8/9/2019, 3:47:34 PM