Notification Bearer Tokens are sent in the Authorization header of notifications sent from the Open Banking Service to the Initiating Party. Currently two Notification types exist:
- Status Notification requests
- Debtor token Callback requests
The Notification Bearer Token can be configured in the back office portal under a specific Subscription. Depending on the subscription one or more options exist:
- Static token
- OAuth Client Credentials (Basic Auth)
- OAuth Client Credentials (Query Parameters)
- OAuth Client Credentials (Form Body)
The 'Static token' does not have a set validity period.
When receiving the notification request, the Initiating Party should verify that the value of the Notification Bearer Token matches what was set in the Subscription to ensure that the request is sent by Worldline.