POST /v1/oauth2/authorization_codes

Overview

This endpoint creates a redirect URI with an authorization code to be used by an FI to redirect a PSU back to a PSP.

https://sandbox.konsentus.com/v1/oauth2/authorization_codes

Request Properties

Headers

Authorization REQUIRED
string
Basic Auth Header
fi_reference_id REQUIRED
string
A string representing the FI authenticating with the system
version REQUIRED
string
A string representing the version of the API you are using
eidas REQUIRED
string
Base64 encoded eIDAS certificate
Content-Type REQUIRED
string
Must be set to: application/json

Further information is available on Authentication Headers, eIDAS Certificates and Version Header.

Body Parameters

account_id REQUIRED
string
A unique and never reassigned subject identifier from the FI for the PSU's account.
client_request_query_parameters REQUIRED
object
The request object from the PSP - forwarded by the FI.
response_type REQUIRED
string
Specifies that your application is requesting an authorization code grant. This field should be set to code.
redirect_uri REQUIRED
string
The redirect URI registered by the PSP with the QTSP.
scope REQUIRED
string
The scopes requested by the PSP for access to the PSU’s details from the FI. Can be 'payments' or 'accounts'.
state
string
(OPTIONAL) An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter is used for preventing cross-site request forgery.

Request Body Example

{
  "account_id": "12345678",
  "client_request_query_parameters": {
    "response_type": "code",
    "redirect_uri": "https://www.google.com",
    "scope": "payments",
    "state": "example-state"
  }
}

Response Properties

data object
response data
redirect_uri object
base_uri string
The redirect_uri provided in the request.
parameters object
code string
The authorization code generated by Konsentus used in a request for a token. The lifetime of the authorization code is 60 seconds. The authorization code MUST NOT be used more than once. If an authorization code is used more than once, the request will be denied. The authorization code is bound to the client identifier and redirection URI.
state string
The state, if provided in the request.
full_uri string
The full URI, composed of the base URI, the authorization code and the state, that the FI can use to redirect back to the PSP.
errors array<object>

See error documentation for fields and descriptions.

Responses

201

Request received, authorization code returned.

{
  "data": {
    "redirect_uri": {
      "base_uri": string,
      "parameters": {
        "code": string,
        "state": string OPTIONAL
      },
      "full_uri": string
    }
  }
}

400

Request received, but it is missing parameters or malformed.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

401

Unable to authorize.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

403

Forbidden.

{
  "data": {
    "redirect_uri": {
      "base_uri": string,
      "parameters": {
        "error": string,
        "error_description": string,
        "state": string
      },
      "full_uri": string
    }
  },
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

Response Example

201 CREATED

Success:

{
  "data": {
    "redirect_uri": {
      "base_uri": "https://www.google.com",
      "parameters": {
        "code": "48968085-dfab-4672-a578-1ab88b77b57d",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?code=48968085-dfab-4672-a578-1ab88b77b57d&state=example-state"
    }
  }
}

403 FORBIDDEN

{
  "data": {
    "redirect_uri": {
      "base_uri": "https://www.google.com",
      "parameters": {
        "error": "invalid_scope",
        "error_description": "Invalid scope provided",
        "state": "example-state"
      },
      "full_uri": "https://www.google.com?error=invalid_scope&error_description=Invalid%20scope%20provided&state=example-state"
    }
  },
  "errors": [{
    "id": null,
    "code": "payment_service_invalid",
    "title": "The PSD2 role provided in the request is invalid. Check that the role you are requesting is a valid. Refer to our API documentation to look up PSD2 roles supported.",
    "link": "https://docs.sandbox.konsentus-dev.com/api-reference/error-codes.html"
  }]
}
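
FI-side handling of this call, as an added example that is not Konsentus code: it builds the request body from the PSP's query parameters and checks the returned redirect_uri object against what was sent before the PSU is redirected. The names build_body and checked_redirect are assumptions, and rejecting a response on mismatch is this example's policy, not documented API behaviour.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_SCOPES = {"payments", "accounts"}  # the two values this page lists
FORWARDED = ("response_type", "redirect_uri", "scope")  # required PSP parameters


def build_body(account_id, psp_query):
    """Build the POST body from the PSP's query parameters (a dict)."""
    for key in FORWARDED:
        if not psp_query.get(key):
            raise ValueError(f"missing required parameter: {key}")
    if psp_query["response_type"] != "code":
        raise ValueError("response_type must be 'code'")
    if psp_query["scope"] not in ALLOWED_SCOPES:
        raise ValueError("scope must be 'payments' or 'accounts'")
    params = {key: psp_query[key] for key in FORWARDED}
    if "state" in psp_query:  # optional; forwarded unchanged
        params["state"] = psp_query["state"]
    return {"account_id": account_id, "client_request_query_parameters": params}


def checked_redirect(body, response):
    """Return full_uri only if it matches the request (this example's policy)."""
    sent = body["client_request_query_parameters"]
    redirect = response["data"]["redirect_uri"]
    params = redirect["parameters"]
    if redirect["base_uri"] != sent["redirect_uri"]:
        raise ValueError("base_uri differs from the redirect_uri that was sent")
    if params.get("state") != sent.get("state"):
        raise ValueError("state was not echoed unchanged")
    if ("code" in params) == ("error" in params):  # 201 carries code, 403 carries error
        raise ValueError("expected exactly one of code or error")
    full, base = urlsplit(redirect["full_uri"]), urlsplit(sent["redirect_uri"])
    if (full.scheme, full.netloc, full.path) != (base.scheme, base.netloc, base.path):
        raise ValueError("full_uri does not point at the PSP's redirect_uri")
    query = parse_qs(full.query)
    for key, value in params.items():
        if value is not None and query.get(key) != [value]:
            raise ValueError(f"full_uri query does not carry {key}")
    return redirect["full_uri"]


if __name__ == "__main__":  # constructed sample mirroring the page's 201 example
    q = {"response_type": "code", "redirect_uri": "https://www.google.com", "scope": "payments"}
    reply = {"data": {"redirect_uri": {"base_uri": q["redirect_uri"], "parameters": {"code": "c"},
                                       "full_uri": "https://www.google.com?code=c"}}}
    print(checked_redirect(build_body("12345678", q), reply))
```

Because the code lives for 60 seconds and is single use, the FI should redirect with the returned full_uri immediately rather than store it.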
Last Updated: 8/22/2019, 2:41:03 PM