openapi: '3.0.1' info: title: Access Token version: 2.0.0 description: | The 'access_token' returned by the post /token request can be used for subsequent requests towards the Worldline Open Banking API's. With the access token the Open Banking Service can validate and authorize the request. servers: - url: https://qa2-vop.awltest.de/auth paths: /realms/merchant-clients/protocol/openid-connect/token: post: tags: - Token Administration CAS summary: Generates a token for the Initiating Party description: '' operationId: posttoken requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: grant_type: type: string description: To be set to ‘client_credentials’ example: client_credentials client_id: type: string description: The Id of the client. Provided during onboarding of the Initiating Party. example: Worldline-000021 client_secret: type: string description: Client secret used for authentication. Provided during onboarding of the Initiating Party. example: password123 scope: type: string description: The list of the services. Currently VOP is supported. example: VOP required: - grant_type - client_id - client_secret - scope responses: '200': description: Successful content: application/json: schema: $ref: '#/components/schemas/TokenResponse' '400': description: Invalid request content: application/json: schema: type: object properties: error: type: string description: Kind of error. Either 'invalid_scope' or 'invalid_client' example: invalid_scope error_description: type: string description: description of the error example: 'Invalid scopes: AIS PIS IDEAL' components: schemas: TokenResponse: type: object additionalProperties: false description: | Access token response required: - access_token - expires_in - refresh_expires_in - token_type - not-before-policy - scope properties: access_token: type: string description: | Token to be used in further API calls expires_in: type: integer description: | Expiration time in seconds. example: 300 refresh_expires_in: type: integer description: | There is no refresh supported for Initiating Party Access Tokens, value will be: 0 example: 0 token_type: type: string description: | Type of the token: Bearer example: "Bearer" not-before-policy: type: integer description: | The token is valid immediately: 0 example: 0 scope: type: string description: | The list of the services for which the token is valid, it's a space seperated list. example: "VOP"