Token by secret API call flow
API historyThis API allows to authenticate TPP to obtain short-term access token for passive operations:
- PISP – for initiating Payment order, Standing order, Standing order update, Standing order cancellation, Payment order cancellation or obtaining payment order status
- AISP – for obtaining TokenId binded with IBAN, used to authenticate user - described in „Strong customer authentication SCA - alternative flow“
- PIISP – for obtaining YES/NO confirmation of disponibility of funds, when explicit consent already exists
Step 1: Get the access token with specific scopes (AISP, PISP, PIISP)
Obtaining access token is based on OAuth 2.0 Client credentials grant flow. TPP obtains this credentials during enrollmen process.
|
Token by secret
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/identity-server/connect/token
POST https://api.csob.sk/identity-server-test/connect/token
|
TPP calls this service to obtain short-term access token which is needed to verify the TPP in further communication. This access token is valid 20 min only and can’t be renewed. After exspiration, new short-term access token must be issued. On API Explorer web site there is a possibility to test API online (Try it) and download API definition (WADL, Open API).
Request:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/x-www-form-urlencoded;charset=UTF-8
|
|
Request parameters
Version1
|
grant_type={grant_type}&client_id={client_id}&client_secret={client_secret}&scope={scope} |
Attributes structure |
Optionality |
Type |
Description |
grant_type |
Mandatory |
String |
Value is „client_credentials“ |
client_id |
Mandatory |
String |
TPP ID obtained from enrollment |
client_secret |
Mandatory |
String |
Secret obtained from enrollment |
scope |
Mandatory |
String |
The scope of the access request according to SBAS: AISP, PISP, PIISP. These scopes can be combined according to TPP rights. |
Response:
Attributes structure |
Optionality |
Type |
Description |
access_token |
Mandatory |
String |
Short-term access token |
expires_in |
Mandatory |
String |
Validity of access token in seconds |
token_type |
Mandatory |
String |
Value is „Bearer“ |
Example:
Request
POST https://api.csob.sk/identity-server/connect/token HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 120
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
grant_type=client_credentials&client_id=TIDgjzKuS7k&client_secret=Pr9jb8Y7Y5bnUxpNcJEhqdV3EiaxcpvK&scope=PISP PIISP
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: Ypwq7QA68y77ygYArQq8pCNJQDhmNWur
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 27 Mar 2019 14:43:28 GMT
{
"access_token": "b02ab0a7ae7e5f19a85e5e935b4fc0623915a3940e761998cbb46654fe62117f",
"expires_in": 1200,
"token_type": "Bearer"
}