openapi: '3.0.1' info: title: Access Token version: 2.1.1 description: | The 'access_token' returned by the post /token request can be used for subsequent requests towards the Worldline Open Banking API's. With the access token the Open Banking Service can validate and authorize the request. servers: - url: /auth description: | Auth endpoint paths: /realms/{realm}/protocol/openid-connect/token: post: tags: - Token Administration CAS summary: Generates a token for the Initiating Party parameters: - in: path name: realm schema: type: string required: true description: | Name of the realm belonging to the tenant. The realm to be used will be provided during the onboarding process. description: '' operationId: posttoken requestBody: content: application/x-www-form-urlencoded: schema: oneOf: - $ref: '#/components/schemas/ClientCredentialsRequest' - $ref: '#/components/schemas/ClientJwtRequest' responses: '200': description: Successful content: application/json: schema: $ref: '#/components/schemas/TokenResponse' '400': description: Invalid request content: application/json: schema: type: object properties: error: type: string description: Kind of error. Either 'invalid_scope' or 'invalid_client' example: invalid_scope error_description: type: string description: description of the error example: 'Invalid scopes: IDEAL' components: schemas: ClientCredentialsRequest: type: object description: | Client Credentials authentication approach required: - grant_type - scope - client_id - client_secret properties: grant_type: type: string description: | To be set to 'client_credentials'. example: client_credentials scope: type: string description: | List of service(s) to be requested, it's a space separated list. example: VOP WERO client_id: type: string description: | The Id of the client. Provided during onboarding of the Initiating Party. example: Worldline-000021 client_secret: type: string description: | Client secret used for authentication. Provided during onboarding of the Initiating Party. example: password123 ClientJwtRequest: type: object description: | Client JWT authentication approach required: - grant_type - scope - client_assertion_type - client_assertion properties: grant_type: type: string description: | To be set to 'client_credentials'. example: client_credentials scope: type: string description: | List of service(s) to be requested, it's a space separated list. example: VOP WERO client_assertion_type: type: string description: | The assertion type used for the token request. To be set to 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'. example: urn:ietf:params:oauth:client-assertion-type:jwt-bearer client_assertion: type: string description: | The client assertion contains one JWT to authenticate the client. The token must contain the claims: