# POST /v1/obie/authorization_code

Archived documentation

This documentation refers to V1.6. See Release Notes for more information.

# Overview

This endpoint creates a redirect URI with an authorization code for the OBIE flow to be used by an FI to redirect a PSU back to a TPP.

https://sandbox.konsentus.com/v1/obie/authorization_code

# Request Properties

# Headers

Authorization REQUIRED
string
Basic Auth Header
fi_reference_id REQUIRED
string
A string representing the FI authenticating with the system

Authentication Headers

x-ccg-token REQUIRED
string
Client credentials grant token

Client Credentials Grant Token

Content-Type REQUIRED
string
Must be set to: application/json

# Request Body Properties

consent_id REQUIRED
string
A unique and never reassigned subject identifier from the FI for the PSU's account.
psu_account_id REQUIRED
string
A unique and never reassigned subject identifier from the FI for the PSU's account.
redirect_uri REQUIRED
string
The redirect URI registered by the TPP with the QTSP. This is a URI which should be preregistered by the TPP but not with Konsentus - it is currently unclear exactly where this URI should be registered but the current working assumption is that it will be registered with the QTSP.
scope REQUIRED
string
The scopes requested by the TPP for access to the PSU’s details from the FI. Must be equal to 'payment' or 'account'.
state
string
(OPTIONAL) An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter is used for preventing cross-site request forgery.

# Request Body Example

{
    "consent_id": "urn-examplebank-intent-12345",
    "psu_account_id": "12345678",
    "redirect_uri": "https://www.google.com",
    "scope": "",
    "state": "example-state"
}

# Response Properties

data object
response data
code string
The authorization code generated by Konsentus, which is used in a request for a token. The lifetime of the authorization code is 60 seconds. The authorization code MUST NOT be used more than once. If an authorization code is used more than once, the request will be denied. The authorization code is bound to the client identifier and redirection URI.
state string
(OPTIONAL) The state, if provided in the request.
base_uri string
The redirect_uri provided in the request.
full_uri string
The full uri, composed of the base url, the access code and state that can be used by the FI to redirect back to the TPP.
error string
A single ASCII error code as specified by OAuth 2.0.
error_description string
Human-readable ASCII text providing additional information, used to assist the client developer in understanding the error that occurred as specified by OAuth 2.0.
error object
See error documentation for fields and descriptions.
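
The three properties stated for `code` above (60-second lifetime, single use, binding to the client identifier and redirection URI) interact at redemption time. The following is an added illustrative model, not Konsentus code; `CodeStore`, its methods and the client identifiers are hypothetical names.

```python
import secrets
import time

CODE_LIFETIME = 60  # seconds, the lifetime stated on this page


class CodeStore:
    """Hypothetical in-memory model of authorization code issue and redemption."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}  # code -> (client_id, redirect_uri, expiry)

    def issue(self, client_id, redirect_uri):
        code = secrets.token_urlsafe(32)  # unguessable value
        expiry = self._clock() + CODE_LIFETIME
        self._codes[code] = (client_id, redirect_uri, expiry)
        return code

    def redeem(self, code, client_id, redirect_uri):
        # pop() removes the entry on every attempt, so a code can never be
        # presented twice, even when the first attempt failed a later check.
        entry = self._codes.pop(code, None)
        if entry is None:
            return False  # unknown or already used
        bound_client, bound_uri, expiry = entry
        if self._clock() >= expiry:
            return False  # older than 60 seconds
        # Binding: both values must match what the code was issued for.
        return client_id == bound_client and redirect_uri == bound_uri


if __name__ == "__main__":
    store = CodeStore()
    c = store.issue("tpp-1", "https://tpp.example/callback")
    print(store.redeem(c, "tpp-1", "https://tpp.example/callback"))
    print(store.redeem(c, "tpp-1", "https://tpp.example/callback"))
```
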

# Responses

# 201

Request received, authorization code returned.

{
  "data": {
    "redirect_uri": {
      "base_uri": string,
      "parameters": {
        "code": string,
        "state": string OPTIONAL
      },
      "full_uri": string
    }
  }
}

# 400

Request received, but parameters are missing or malformed.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

# 401

Unable to authorize.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

# 403

Forbidden.

{
  "data": {
    "redirect_uri": {
      "base_url": string,
      "parameters": {
        "error": string,
        "error_description": string,
        "state": string OPTIONAL
      },
      "full_uri": string
    }
  },
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

# Response Example

# 201 CREATED

# Success:

{
  "data": {
    "redirect_uri": {
      "base_uri": "https://www.google.com",
      "parameters": {
        "code": "48968085-dfab-4672-a578-1ab88b77b57d",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?code=48968085-dfab-4672-a578-1ab88b77b57d&state=example-state"
    }
  }
}

# 403 FORBIDDEN

{
  "data": {
    "redirect_uri": {
      "base_url": "https://www.google.com",
      "parameters": {
        "error": "invalid_scope",
        "error_description": "Invalid scope provided",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?error=invalid_scope&error_description=Invalid%20scope%20provided&state=example-state"
    }
  },
  "errors": [{
    "id": null,
    "code": "psd2_roles_invalid",
    "title": "The PSD2 role provided in the request is invalid. Check that the role you are requesting is a valid. Refer to our API documentation to look up PSD2 roles supported.",
    "link": "https://docs.sandbox.konsentus-dev.com/api-reference/error-codes.html"
  }]
}
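
Before an FI sends the PSU's browser to `full_uri`, it can check the response against the request it made. The following is an added example, not part of the Konsentus documentation or SDK; `build_body`, `checked_redirect` and the `tpp.example` host are hypothetical names, and the sample response is constructed in the shape of the 201 example above.

```python
from urllib.parse import urlsplit, parse_qs

ALLOWED_SCOPES = {"payment", "account"}  # the two values the page allows for scope


def build_body(consent_id, psu_account_id, redirect_uri, scope, state=None):
    """Build the JSON body, refusing a scope the endpoint would reject."""
    if scope not in ALLOWED_SCOPES:
        raise ValueError("scope must be 'payment' or 'account'")
    body = {"consent_id": consent_id, "psu_account_id": psu_account_id,
            "redirect_uri": redirect_uri, "scope": scope}
    if state is not None:
        body["state"] = state
    return body


def checked_redirect(sent, response):
    """Return full_uri only if it agrees with the request the FI sent."""
    r = response["data"]["redirect_uri"]
    # The 403 bodies on the page name this field base_url, the 201 bodies base_uri.
    base = r.get("base_uri", r.get("base_url"))
    if base != sent["redirect_uri"]:
        raise ValueError("base URI differs from the requested redirect_uri")
    full, want = urlsplit(r["full_uri"]), urlsplit(base)
    if (full.scheme, full.netloc, full.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("full_uri does not point at the requested redirect_uri")
    pairs = parse_qs(full.query)
    if any(len(v) != 1 for v in pairs.values()):
        raise ValueError("repeated query parameter in full_uri")
    query = {k: v[0] for k, v in pairs.items()}
    if any(query.get(k) != v for k, v in r["parameters"].items()):
        raise ValueError("full_uri query disagrees with parameters")
    if query.get("state") != sent.get("state"):
        raise ValueError("state was not echoed back unchanged")
    if ("code" in query) == ("error" in query):
        raise ValueError("expected exactly one of code or error")
    return r["full_uri"]


# Constructed sample shaped like the 201 example; tpp.example is a placeholder.
SAMPLE_201 = {"data": {"redirect_uri": {
    "base_uri": "https://tpp.example/callback",
    "parameters": {"code": "48968085-dfab-4672-a578-1ab88b77b57d",
                   "state": "example-state"},
    "full_uri": "https://tpp.example/callback?code=48968085-dfab-4672-a578-"
                "1ab88b77b57d&state=example-state"}}}

if __name__ == "__main__":
    sent = build_body("urn-examplebank-intent-12345", "12345678",
                      "https://tpp.example/callback", "account", "example-state")
    print(checked_redirect(sent, SAMPLE_201))
```

The same check accepts the error-carrying redirect of a 403 response, since that body also echoes `state` and composes `full_uri` from the base URI and its parameters.
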
Last Updated: 8/9/2019, 3:47:34 PM