openapi: '3.0.1'
info:
  title: Access Token
  version: 2.1.1
  description: |
    The 'access_token' returned by the post /token request can be used for subsequent requests towards the Worldline Open Banking APIs.
    With the access token the Open Banking Service can validate and authorize the request.
servers:
  - url: /auth
    description: |
      Auth endpoint
paths:
  /realms/{realm}/protocol/openid-connect/token:
    post:
      tags:
        - Token Administration CAS
      summary: Generates a token for the Initiating Party
      parameters:
        - in: path
          name: realm
          schema:
            type: string
          required: true
          description: |
            Name of the realm belonging to the tenant. The realm to be used will be provided during the onboarding process.
      description: ''
      operationId: posttoken
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              oneOf:
                - $ref: '#/components/schemas/ClientCredentialsRequest'
                - $ref: '#/components/schemas/ClientJwtRequest'
      responses:
        '200':
          description: Successful
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '400':
          description: Invalid request
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                    description: Kind of error. Either 'invalid_scope' or 'invalid_client'
                    example: invalid_scope
                  error_description:
                    type: string
                    description: Description of the error
                    example: 'Invalid scopes: IDEAL'
components:
  schemas:
    ClientCredentialsRequest:
      type: object
      description: |
        Client Credentials authentication approach
      required:
        - grant_type
        - scope
        - client_id
        - client_secret
      properties:
        grant_type:
          type: string
          description: |
            To be set to 'client_credentials'.
          example: client_credentials
        scope:
          type: string
          description: |
            List of service(s) to be requested, as a space-separated list.
          example: VOP WERO
        client_id:
          type: string
          description: |
            The ID of the client. Provided during onboarding of the Initiating Party.
          example: Worldline-000021
        client_secret:
          type: string
          description: |
            Client secret used for authentication.
            Provided during onboarding of the Initiating Party.
          example: password123
    ClientJwtRequest:
      type: object
      description: |
        Client JWT authentication approach
      required:
        - grant_type
        - scope
        - client_assertion_type
        - client_assertion
      properties:
        grant_type:
          type: string
          description: |
            To be set to 'client_credentials'.
          example: client_credentials
        scope:
          type: string
          description: |
            List of service(s) to be requested, as a space-separated list.
          example: VOP WERO
        client_assertion_type:
          type: string
          description: |
            The assertion type used for the token request.
            To be set to 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.
          example: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
        client_assertion:
          type: string
          description: |
            The client assertion contains one JWT to authenticate the client.
            The token must contain the claims:
            The key id (kid) must be set to the signing certificate fingerprint (for example, from the example token: B4E11A49EE0D1239E7F784919B91DF577E839385).
            The JWT has to be signed by the Initiating Party's private key.
          example: eyJhbGciOiJSUzI1NiIsImtpZCI6IkI0RTExQTQ5RUUwRDEyMzlFN0Y3ODQ5MTlCOTFERjU3N0U4MzkzODUiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiAiNTczNDY5OSIsICJhdWQiOiAiaHR0cHM6Ly9leGFtcGxlLWRvbWFpbi9hdXRoL3JlYWxtcy9leGFtcGxlLXJlYWxtIiwgImlhdCI6IDE3ODE2MTU0MTMsICJleHAiOiAxNzgxNjE5MDEzfQ.bzp3-V1TqGfO2DrBQ-hRl8GKO3Ur7Ucrsq49UZ3hdeTko4GGG_Y1YB6g09USo6Pt3UXBOJ_nE7T5SyK7DN9a0-XhZEztyLa2RdGTO_yjMLgnVn_heloT6BFpLpeUofeAIyOW9Fug3uCIIhZwlbb0LWG3rspeFy4e8ptMU1oIx97-h_r-y__KgAtwABX36dtHP9ww41oZsphhfG4da4PlrmKB-9xsqGnUwrlcEpieoYq0KiWNg_fncF4YteXXIJmcNH44UPAmTTBcIgGOcJ05K8Zw-Bc69CPRz2VMKsb0qS9OFQ3te97k3Olsdo0DJ6SN03CmpOMF1-DeDMfaiNbpRg
    TokenResponse:
      type: object
      additionalProperties: false
      description: |
        Access token response
      required:
        - access_token
        - expires_in
        - refresh_expires_in
        - token_type
        - not-before-policy
        - scope
      properties:
        access_token:
          type: string
          description: |
            Token to be used in further API calls
        expires_in:
          type: integer
          description: |
            Expiration time in seconds.
          example: 300
        refresh_expires_in:
          type: integer
          description: |
            There is no refresh supported for Initiating Party Access Tokens, value will be: 0
          example: 0
        token_type:
          type: string
          description: |
            Type of the token: Bearer
          example: "Bearer"
        not-before-policy:
          type: integer
          description: |
            The token is valid immediately: 0
          example: 0
        scope:
          type: string
          description: |
            The list of the services for which the token is valid, as a space-separated list.
          example: "VOP WERO"