Identity Server

POST Authorization Code

Method of service: HTTP POST

This method is used to obtain an access_token and a refresh_token (in the case of an SCA that is not for the purpose of submitting a payment) after every redirect from SCA; the TPP takes the code from the redirect URL and uses it in this method. The code obtained from the SCA redirect URL can be used only once.

Text of the request in the example:

  • Client_id and client_secret must correspond to the client
  • AuthorizationCode is obtained through the SCA redirect URL after a successful client login

The method returns the access_token (for further use) in the response.


POST Token by Secret

Method of service: HTTP POST

The TPP calls this service to receive the access_token, which is needed to verify the TPP in subsequent communication. The access_token is short-lived, so it must be renewed regularly.

This service can be used to obtain an access_token for PISP/PIISP Balance Check, (Simple) Standard payment initialization or Payment order status. The message body includes the following:

  • Client_id
  • Client_secret: password / token issued by the ASPSP for the application (client_id) of the TPP

called scope

Token by Secret process visualization

Picture: Token by Secret Flow


Refresh Token

Method of service: HTTP POST

The TPP calls this service to refresh (obtain a new) access_token after the previous access_token has expired. The access_token is short-lived, so it must be renewed regularly.

When the service is called, the TPP also obtains a new refresh_token, with the old validity but a new refresh_token value.

This service can be used to obtain an access_token from any refresh_token obtained from SCA. The message body includes the following:

  • Client_id
  • Client_secret: password / token issued by the ASPSP for the application (client_id) of the TPP

The Refresh Token and 90AT process visualization is attached in the following chapter.
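
The rotation rule described above (a new refresh_token value with the old validity), as an added example of TPP-side token bookkeeping; it is not code from this documentation or from the ASPSP. The `expires_in` response field, the `refresh_validity_s` parameter and all token values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample responses; real values come from the Identity Server.
SCA_RESPONSE = {"access_token": "at-constructed-1", "expires_in": 300,
                "refresh_token": "rt-constructed-1"}
REFRESH_RESPONSE = {"access_token": "at-constructed-2", "expires_in": 300,
                    "refresh_token": "rt-constructed-2"}


@dataclass(frozen=True)
class TokenState:
    access_token: str
    access_expires_at: float   # epoch seconds
    refresh_token: str
    refresh_expires_at: float  # fixed when SCA completes; a refresh never extends it


def after_sca(response: dict, now: float, refresh_validity_s: float) -> TokenState:
    """State built from the Authorization Code response (first tokens after SCA)."""
    return TokenState(
        access_token=response["access_token"],
        access_expires_at=now + response["expires_in"],  # assumed field name
        refresh_token=response["refresh_token"],
        refresh_expires_at=now + refresh_validity_s,     # assumed to be known to the TPP
    )


def needs_refresh(state: TokenState, now: float, skew_s: float = 30.0) -> bool:
    """True when the short-lived access_token is expired or about to expire."""
    return now + skew_s >= state.access_expires_at


def apply_refresh(state: TokenState, response: dict, now: float) -> TokenState:
    """Apply a Refresh Token response: new token values, old refresh validity."""
    if now >= state.refresh_expires_at:
        raise PermissionError("refresh_token expired; a new SCA is required")
    new_refresh = response["refresh_token"]
    if new_refresh == state.refresh_token:
        raise ValueError("expected a new refresh_token value in the response")
    return TokenState(
        access_token=response["access_token"],
        access_expires_at=now + response["expires_in"],
        refresh_token=new_refresh,                    # persist the value just returned
        refresh_expires_at=state.refresh_expires_at,  # validity is carried over unchanged
    )
```

Persist the returned state before using the new access_token, so a crash between the two steps does not leave the TPP holding only the previous refresh_token value.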