Authorization API


These APIs allow authorization of third party identity (enroll) and identity of client, as well as authorization client’s request for account information or single payment order.

Client authorization APIs allow strong customer authentication, atuthorize client’s requests and obtain short-term token for passive operations. Following services are available:

  • Strong customer authentication – this process allows to authenticate user in bank environment and returns authorization code for 90 days access to account or for authorizing requests
  • Token by secret – this service allows to authenticate TPP and obtain short-term access token for passive operations
  • Authorization Code – this service allows to exchange authorization code for access token
  • Refresh token – this service allows to renew short-term access token within 90 days period

TPP Enroll APIs allow authorized TPP with a valid eIDAS certificate to request automatic assignment of technical identificators and manage it’s enrollment. Following services are available:

  • TPP enroll create – this service assigns technical identificators to authorized third party provider
  • TPP enroll update – this service allows to change enrollment of authorized third party provider
  • TPP enroll delete – this service allows to delete enrollment of authorized third party provider
  • TPP renew secret – this service allows to renew assigned secret of authorized third party provider

API usage
API can be used by clients of CSOB bank with current account held by CSOB bank on which they have access via Moja CSOB and use any of allowed authorisation method like Token, Token for mobile or SMS. Payment limits and disposal rights are the same as in Moja CSOB.


Charges for client
Using Authorization API does not charge any additional fees for clients.


Service availability
Service is available 24/7 except periods of technical maintenace. These activities are announced in advance on our web site.