TPP renew secret API call flow
API historyThis API allows to renew assigned secret of authorized third party provider.
Step 1: Request to renew client secret
Initiate POST request to renew client secret with valid certificate and assigned Client ID:
TPP renew secret
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/enroll/enroll/{client_id}/renewSecret
POST https://api.csob.sk/enroll-test/enroll/{client_id}/renewSecret
|
Only authorized third parties which are approved on bank side are allowed to renew their client secret. TPP ID assigned by the bank must be in the URL of request. On API Explorer web site there is a possibility to test API online (Try it) and download API definition (WADL, Open API).
Request:
Payload is empty.
Response:
Header
Attributes structure
|
Optionality
|
Type
|
Description
|
Content-Type
|
Mandatory
|
String
|
application/json
|
Body
Attributes structure |
Optionality |
Type |
Description |
client_id |
Mandatory |
String |
Client id assigned to the third party by the bank. This ID is needed in further communication with the bank |
client_secret |
Mandatory |
String |
Client secret issued by the bank for the third party |
client_secret_
expires_at |
Optional |
DateTime |
Value 0 always returned |
Example:
Request
POST https://api.csob.sk/enroll/enroll/TIDgjzKuS7k/renewSecret HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json;charset=UTF-8
Content-Length: 0
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: icujTd6JgdwtfXHgkqe9h7jRQDR5C8uy
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 05 Apr 2019 15:08:02 GMT
{
"client_id": "TIDgjzKuS7k",
"client_secret": "rJiVbJivfmzzsgbepJLQzUJ26b3Qs6Lu",
"client_secret_expires_at": "0"
}