ob-obp-authorization-api
The following two steps have to be performed for each service to facilitate a secure connection between the Initiating Party and the Open Banking Service.
- Upload certificate
- Retrieve token
Upload certificate
The Initiating Party uploads its public certificate in the Back-office. The private key belonging to this certificate is later used to sign the token request.
Retrieve token
Endpoint: POST /token
This API retrieves the token which is used in the communication between the Initiating Party and the Open Banking Service. The Initiating Party signs the request with its private key. In the response it receives an access token from the Open Banking Service. This token is used in all subsequent API calls towards the Open Banking Service.
Request
| Location | Name | Type | Comments |
|---|---|---|---|
| Form data | grant_type (required) | String | To be set to 'client_credentials' |
| Header | Authorization (required) | String | The signature. It contains the header attributes 'app', 'client', 'id' and 'date' signed with the private key of the client, i.e. the private key corresponding to the certificate provided for the onboarding. Structure and example: see the 'Example: Authorisation' section below. Generating rules: the signature must be created over a string in which app, client, id and date are concatenated; more details on the concatenation rules: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12 |
| Header | App (required) | String | The name of the service. Only IDEAL, AIS, PIS or PSU is allowed. |
| Header | Client (required) | String | The name of the client. This name is provided to the Initiating Party during onboarding. The name of the client is created by the Open Banking Service. |
| Header | Id (required) | String | The combination of Initiating Party ID and sub ID. For example, with Initiating Party ID 433 and sub ID 5 the ID is 433:5 (IP=433, subId=5 -> 433:5); with Initiating Party ID 434 and no sub ID the ID is 434 (IP=434, no subId -> 434). |
| Header | Date (required) | Date | Should be filled with the current date. The following date formats are supported: 1. EEE MMM dd HH:mm:ss zzz yyyy; 2. ISO date, for example 2011-12-03T10:15:30+01:00; 3. RFC 1123, for example Tue, 3 Jun 2008 11:05:30 GMT |
Response
| Mult. | Name | Type | Comments |
|---|---|---|---|
| [1..1] | access_token | String | Token to be used in further API calls |
| [1..1] | token_type | String | Type of the token: Bearer |
| [1..1] | expires_in | Integer | Expiration time in seconds |
Example: Authorisation
Request
curl -L -X POST 'https://localhost:8443/xs2a/routingservice/services/authorize/token?grant_type=client_credentials' \
-H 'App: IDEAL' \
-H 'Accept: application/json' \
-H 'Date: 2022-03-25T09:41:31.256Z' \
-H 'Authorization: Signature KeyID="8D0F688AD3E6C2D4D5FB99FE129F2A2E3B496AF7", algorithm="SHA256withRSA", headers="app client id date", signature="kAIepMoo6CRTWz9CLUFcpZj8eNQTdjXq6V8+kdk/9M1GmVud2CVrP1NMNTEiXgKzBlFQQlhv1iaFhMVOLVq7u8aEV4eeoNxjTLDK+lk4zkjCBjeOyXtr32dtfjsvytlzhXw7KJizgOGd+m4Gh9xtSjY0I5QM/p+znKZsJCVKNSUUBZndAxIudsxy2Srp/yzexmvWpsoAvWIZzwtDS03h4PjGTGKloXz6KyC+/I+GSBjw9M3GATUMMVrrgTKoR8oI0Xcr9v7ZTr3KpT1d1/LrcxQ82o2kq0+4ECVoJdVRezr2oZRmZ5hTHTIHehMNkASnuDqzDaQxQvMInUTg8tFKGA=="' \
-H 'Id: 000784' \
-H 'Client: Worldline'
Response
Content-Type: application/json;charset=UTF-8
ResponseCode: 200
Headers: {X-Request-ID=23eeed2d-f163-43c5-94b1-eeadcbb393e3, MessageCreateDateTime=2022-03-25T09:41:31.819Z, Date=Fri, 25 Mar 2022 09:41:31 GMT, Content-Type=application/json;charset=UTF-8}
Payload: {
"access_token": "abb5468b4845dffff9cccd7c950e529",
"token_type": "Bearer",
"expires_in": 3600
}
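The Go program below is an added example; it is not part of this API documentation and not Worldline's code. It shows one way to build the signing string for the Authorization header described above, sign it with SHA256withRSA (RSASSA-PKCS1-v1_5 over SHA-256), assemble the header value in the layout of the curl example, and, on the receiving side, verify the signature and validate the Date header against the three supported formats with a freshness window. Because the page does not reproduce its concatenation rules, the signing string is assumed to follow the linked draft-cavage format (one "lowercase-name: value" line per header named in the headers parameter, joined by a newline). The RSA key, the KeyID placeholder and the freshness window are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
	"time"
)

// SignedHeaders holds the four request headers the signature covers.
type SignedHeaders struct {
	App, Client, ID, Date string
}

// SigningString builds the string the signature is computed over. Assumption: the
// page does not reproduce its concatenation rules, so draft-cavage-http-signatures-12
// is followed: "lowercase-name: value" lines in the order of the "headers" parameter.
func SigningString(h SignedHeaders) string {
	return strings.Join([]string{
		"app: " + h.App,
		"client: " + h.Client,
		"id: " + h.ID,
		"date: " + h.Date,
	}, "\n")
}

// NewDemoKey generates a throwaway RSA key so the example runs offline. In practice
// the private key is the one matching the certificate uploaded in the Back-office.
func NewDemoKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// Sign returns the base64 "signature" parameter: SHA256withRSA = PKCS#1 v1.5 over SHA-256.
func Sign(priv *rsa.PrivateKey, h SignedHeaders) (string, error) {
	digest := sha256.Sum256([]byte(SigningString(h)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// AuthorizationHeader assembles the header value in the layout of the curl example.
func AuthorizationHeader(keyID, sig string) string {
	return fmt.Sprintf(`Signature KeyID="%s", algorithm="SHA256withRSA", headers="app client id date", signature="%s"`, keyID, sig)
}

// Verify mirrors the receiving side: rebuild the signing string from the headers as
// received and check the signature against the public key registered for the KeyID.
func Verify(pub *rsa.PublicKey, h SignedHeaders, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(SigningString(h)))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// dateLayouts are Go layouts for the three Date formats the documentation lists.
var dateLayouts = []string{
	"Mon Jan 02 15:04:05 MST 2006", // EEE MMM dd HH:mm:ss zzz yyyy
	time.RFC3339,                   // ISO date, e.g. 2011-12-03T10:15:30+01:00
	time.RFC1123,                   // RFC 1123 with a two-digit day
	"Mon, 2 Jan 2006 15:04:05 MST", // RFC 1123 with a one-digit day, e.g. Tue, 3 Jun 2008 11:05:30 GMT
}

// ParseDate accepts any of the supported Date header formats.
func ParseDate(s string) (time.Time, error) {
	for _, layout := range dateLayouts {
		if t, err := time.Parse(layout, s); err == nil {
			return t, nil
		}
	}
	return time.Time{}, fmt.Errorf("unsupported date format: %q", s)
}

// DateIsFresh is an assumed server-side check: a signed Date far from "now" is rejected
// so that a captured request cannot be replayed later. The window is a constructed value.
func DateIsFresh(s string, now time.Time, window time.Duration) bool {
	t, err := ParseDate(s)
	if err != nil {
		return false
	}
	diff := now.Sub(t)
	if diff < 0 {
		diff = -diff
	}
	return diff <= window
}

func main() {
	priv := NewDemoKey()
	h := SignedHeaders{App: "IDEAL", Client: "Worldline", ID: "433:5", Date: time.Now().UTC().Format(time.RFC3339)}
	sig, err := Sign(priv, h)
	if err != nil {
		panic(err)
	}
	// "PLACEHOLDER-KEY-ID" stands in for the identifier of the uploaded certificate.
	fmt.Println("Authorization:", AuthorizationHeader("PLACEHOLDER-KEY-ID", sig))
	fmt.Println("verifies:", Verify(&priv.PublicKey, h, sig), "fresh:", DateIsFresh(h.Date, time.Now(), 5*time.Minute))
}
```

The verifier recomputes the signing string from the headers as they arrived, so any change to App, Client, Id or Date after signing invalidates the signature; combined with the Date freshness check this is what binds the token request to one client, one service and one moment in time.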