POST /v1/oauth2/tokens

Overview

This endpoint creates an access token to be given to the requesting PSP by the FI.

https://sandbox.konsentus.com/v1/oauth2/tokens

Request Properties

Headers

Authorization REQUIRED
string
Basic Auth Header
fi_reference_id REQUIRED
string
A string representing the FI authenticating with the system
version REQUIRED
string
A string representing the version of the API you are using
eidas REQUIRED
string
Base64 encoded eIDAS certificate
Content-Type REQUIRED
string
Must be set to: application/json

Further information is available on Authentication Headers, eIDAS Certificates and Version Header.

Body Parameters

account_id REQUIRED
string
A unique and never reassigned subject identifier from the FI for the PSU's account.
client_request_query_parameters REQUIRED
object
The request object from the PSP - forwarded by the FI.
grant_type REQUIRED
string
Describes the flow of OAuth2.0. Can be set to authorization_code or client_credentials. If set to client_credentials none of the other fields are required.
code REQUIRED
string
The one-time use authorization code generated by Konsentus, which has a lifetime of 60 seconds. The authorization code is bound to the PSP and redirection URI.
redirect_uri REQUIRED
string
The redirect URI registered by the PSP with the CA.

Request Body Example

{
  "account_id": "12345678",
  "client_request_query_parameters": {
    "grant_type": "authorization_code",
    "code": "48968085-dfab-4672-a578-1ab88b77b57d",
    "redirect_uri": "https://www.google.com"
  }
}

Response Properties

data object
response data
access_token string
The access token generated by Konsentus. The authorization code is bound to the client identifier and redirection URI. If grant_type in the request was set to client_credentials then the token in the response will be hardcoded to good-access-token.
expires_in integer
If the access token expires, the duration of time for which the access token is granted.
token_type string
The type of token, typically just the string 'bearer'.
scope string
The scope the PSP is granted. Can be 'payments' or 'accounts'.
errors array<object>

See error documentation for fields and descriptions

Responses

201

Request received and access token created.

{
  "data": {
    "access_token": string,
    "expires_in": integer,
    "token_type": string,
    "scope": string
  }
}

400

Request received, but parameters are missing or the request is malformed.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

401

Unable to Authorize.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

403

Forbidden.

{
  "errors": [{
    "id": string,
    "code": string,
    "title": string,
    "link": string
  }]
}

Response Example

201 CREATED

Success

{
  "data": {
    "access_token": "8c9378f8-e27f-4e0a-a643-d73585d1249f",
    "expires_in": 31104000,
    "token_type": "bearer",
    "scope": "payments"
  }
}
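
The following is an added example, not code from Konsentus: it assembles the headers and body documented above for the authorization_code flow and checks a response before the token is used. The credentials, fi_reference_id, version string and certificate bytes passed in are caller-supplied placeholders, and two choices are assumptions: that the eidas header is the Base64 of the certificate bytes as supplied, and that the fixed client_credentials token should be rejected in this flow.

```python
import base64
import json

ALLOWED_SCOPES = {"payments", "accounts"}   # scopes listed on this page
PLACEHOLDER_TOKEN = "good-access-token"     # fixed value documented for client_credentials


def build_token_request(user, password, fi_reference_id, version, cert_bytes,
                        account_id, code, redirect_uri):
    """Return (headers, json_body) for the authorization_code flow; sends nothing."""
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "fi_reference_id": fi_reference_id,
        "version": version,
        # Assumption: the header carries the Base64 of the certificate bytes as supplied.
        "eidas": base64.b64encode(cert_bytes).decode(),
        "Content-Type": "application/json",
    }
    body = {
        "account_id": account_id,
        "client_request_query_parameters": {
            "grant_type": "authorization_code",
            "code": code,                  # one-time use, 60 second lifetime
            "redirect_uri": redirect_uri,  # the URI the PSP registered with the CA
        },
    }
    return headers, json.dumps(body)


def parse_token_response(status, raw_body):
    """Return the 'data' object of a 201 response; raise ValueError otherwise."""
    doc = json.loads(raw_body)
    if status != 201:
        titles = [e.get("title") for e in doc.get("errors", [])]
        raise ValueError(f"token request failed ({status}): {titles}")
    data = doc["data"]
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if data.get("scope") not in ALLOWED_SCOPES:
        raise ValueError("scope is not one of the documented values")
    # Assumption: the fixed placeholder must never be accepted in this flow.
    if not data.get("access_token") or data["access_token"] == PLACEHOLDER_TOKEN:
        raise ValueError("missing or placeholder access_token")
    if not isinstance(data.get("expires_in"), int) or data["expires_in"] <= 0:
        raise ValueError("invalid expires_in")
    return data
```
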
Last Updated: 8/9/2019, 3:47:34 PM