This API allows a client (the Third Party App, TPA) to obtain an OAuth access token and refresh token after the customer has been authenticated and has given consent for the TPA to operate on their account on their behalf.
Version 1.1.0
- Makes a call to update the Registration Status to 'BLK' (Bank Linkage Success). The client receives a token only if this call returns 'Success'.
Basepath
/v1/customer_signin
Paths
/oauth2/authorize
Endpoint for the Authorization Code grant.
Redirects to the Bank's Digital Banking Login page. After the customer has completed authentication and provided consent, the authorization code is redirected to the Third Party App's redirect URI.
Parameters:
- response_type: request an authorization code; allowed value (enum): "code"
- client_id: Third Party App's client ID
- scope: scope being requested
- redirect_uri: URI the user is redirected to after authorization; the authorization code is delivered to this URI
- state: this string is echoed back to the application when the user is redirected
- encrypted account ID of the customer
- uuid of the customer
Response: redirect to the client's redirect_uri containing one of the following
- the authorization code, for the Authorization Code grant
- an error, for example when the user has denied the request
Submit approval for the authorization code or access token
Submit the resource owner's approval (or rejection) so that the OAuth2 server issues an authorization code or access token to the application.
Form fields:
- application requesting the access code or token (client_id)
- requested scope of this authorization (scope)
- resource owner's user name
- URI the application is requesting this code or token to be redirected to (redirect_uri)
- URL of the original authorization request
- state information provided in the authorization form
- state information provided in the authorization form
Response: a consent form for OAuth processing.
/oauth2/token
Request Access Tokens
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange an authorization code for an access token)
- Refresh Token (exchange a refresh token for a new access token)
The table below indicates the required parameters for each grant_type option. An empty cell indicates that the parameter is ignored for that grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication: client_id and client_secret must be passed in the Authorization header.
| Parameter | grant_type = authorization_code | grant_type = refresh_token |
|---|---|---|
| client_id | required | required |
| client_secret | required | required |
| code | required | |
| scope | optional | |
| refresh_token | | required |
For implicit grant requests, see /oauth2/authorize.
Parameters:
- grant_type: type of grant; one of "authorization_code", "password", "client_credentials", "refresh_token"
- code: authorization code provided by the /oauth2/authorize endpoint
- scope: scope being requested
- refresh_token: the refresh token that the client wants to exchange for a new access token (refresh_token grant_type)
Responses:
- JSON document containing the token, etc.
- Unauthorized
- Forbidden
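A client-side walk through the two flows above, added here as an example and not code from the page or from the bank's own SDK: it builds the redirect to /oauth2/authorize, checks the echoed state on the callback before the code is used, and prepares the HTTP Basic-authenticated form bodies for the authorization_code and refresh_token grants. The gateway host is a placeholder assumption; the basepath and paths are the ones documented on this page.

```python
import base64
import secrets
import urllib.parse

# Assumed gateway host (placeholder); basepath and paths are from the page.
BASE = "https://gateway.example.test/v1/customer_signin"
AUTHORIZE_URL = BASE + "/oauth2/authorize"
TOKEN_URL = BASE + "/oauth2/token"


def build_authorize_url(client_id, scope, redirect_uri, state=None):
    """Build the redirect that sends the customer to the bank login page."""
    # state is an unguessable per-session value; the server echoes it back so
    # the TPA can tie the callback to the session that started the flow.
    state = state or secrets.token_urlsafe(24)
    query = urllib.parse.urlencode({
        "response_type": "code", "client_id": client_id, "scope": scope,
        "redirect_uri": redirect_uri, "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to redirect_uri; return the authorization code."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    # Check state first: a mismatch means this callback does not belong to the
    # session that started the flow, so the code must not be exchanged.
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch; callback rejected")
    if "error" in params:  # e.g. the customer denied consent on the consent form
        raise PermissionError(params["error"][0])
    return params["code"][0]


def _basic_auth(client_id, client_secret):
    # Confidential clients authenticate with HTTP Basic (client_id:client_secret).
    raw = f"{client_id}:{client_secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode(),
            "Content-Type": "application/x-www-form-urlencoded"}


def code_exchange_request(client_id, client_secret, code, scope=None):
    """Headers and form body for grant_type=authorization_code at TOKEN_URL."""
    body = {"grant_type": "authorization_code", "code": code}
    if scope:  # optional for this grant according to the table above
        body["scope"] = scope
    return _basic_auth(client_id, client_secret), body


def refresh_request(client_id, client_secret, refresh_token):
    """Headers and form body for grant_type=refresh_token at TOKEN_URL."""
    body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    return _basic_auth(client_id, client_secret), body
```

Send each (headers, body) pair as a POST to TOKEN_URL with your HTTP client of choice; the refresh token in the response should be stored against the customer's uuid, as the token schema under Definitions notes.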
/oauth2/issued
Returns the list of issued permissions for the owner
This endpoint returns all issued permissions for a given authenticated owner, per the owner authentication defined in the x-ibm-configuration section.
Responses:
- JSON document containing the issued information, etc.
- failure in retrieving the issued list
Revoke an application/client permission by the authorized owner
Revokes an application/client permission on behalf of the authorized owner.
- client-id: the OAuth client_id or application ID to be revoked
Response: OK
/oauth2/revoke
Revoke a given access_token or refresh_token
This endpoint revokes a given access_token or refresh_token.
Parameters:
- token: string value of the access_token or refresh_token to be revoked
- token_type_hint: must contain 'access_token' or 'refresh_token' to indicate the token type
Response: response from revocation
/oauth2/introspect
Introspect a given access_token
This endpoint introspects a given access_token.
Parameters:
- token: string value of the access_token to be introspected
- token_type_hint: must contain 'access_token' to indicate the token type
Responses:
- JSON document containing the access_token information, etc.
- failure
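How a resource server might act on the introspection result, added as an example that is not the page's or the gateway's own code. It checks the response against the introspection schema listed under Definitions, and assumes that exp and nbf carry Unix seconds as strings (the schema types them as strings, with expstr and nbfstr as the readable forms); the sample response is constructed.

```python
import time

# Fields the page's introspection schema marks as required.
REQUIRED = {"active", "client_id", "client_name", "username", "sub",
            "exp", "expstr", "iat", "nbf", "nbfstr", "scope"}

# Constructed sample response (not captured from a real gateway).
SAMPLE = {
    "active": True, "client_id": "tpa-app-1", "client_name": "Budget App",
    "username": "cust-0001", "sub": "cust-0001",
    "iat": "1700000000", "nbf": "1700000000", "nbfstr": "2023-11-14T22:13:20Z",
    "exp": "1700003600", "expstr": "2023-11-14T23:13:20Z",
    "scope": "accounts:read payments:write",
    "consented_on": "1700000000", "grant_type": "authorization_code",
}


def check_introspection(resp, required_scope, expected_client_id, now=None):
    """Decide whether a request bearing the introspected token may proceed.

    Returns (allowed, reason); the reason is meant for logs, not for the caller.
    """
    now = int(time.time()) if now is None else now
    missing = REQUIRED - set(resp)
    if missing:  # a gateway response that violates its own schema is not trusted
        return False, "malformed response, missing: " + ", ".join(sorted(missing))
    if resp["active"] is not True:  # revoked, expired or unknown token
        return False, "token not active"
    try:
        # Assumption: nbf/exp are Unix seconds in string form.
        nbf, exp = int(resp["nbf"]), int(resp["exp"])
    except ValueError:
        return False, "nbf/exp not numeric"
    if not (nbf <= now < exp):  # do not rely on 'active' alone for timing
        return False, "outside validity window"
    if resp["client_id"] != expected_client_id:  # token minted for another app
        return False, "client_id mismatch"
    if required_scope not in resp["scope"].split():
        return False, f"scope {required_scope} not granted"
    return True, "ok"
```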
Definitions
Error Response details
```json
{
  "properties": {
    "status": {
      "type": "string",
      "description": "HTTP Status",
      "example": "422"
    },
    "response_code": {
      "type": "string",
      "description": "API specific error code",
      "example": "20006"
    },
    "property": {
      "type": "string"
    },
    "response_message": {
      "type": "string",
      "description": "type of the error",
      "example": "business exception"
    },
    "description": {
      "type": "string",
      "description": "detailed description of the error",
      "example": "beneficiary_id not found"
    }
  },
  "additionalProperties": false,
  "required": [
    "response_message",
    "response_code",
    "status"
  ]
}
```
Token response: returns access and refresh tokens, and an id token when scope includes 'openid'
```json
{
  "type": "object",
  "additionalProperties": false,
  "required": [
    "token_type",
    "access_token",
    "expires_in",
    "refresh_token"
  ],
  "properties": {
    "token_type": {
      "enum": [
        "bearer"
      ],
      "description": "Token type"
    },
    "access_token": {
      "type": "string",
      "description": "Access Token"
    },
    "expires_in": {
      "type": "integer",
      "description": "access_token expires in how many seconds"
    },
    "scope": {
      "type": "string",
      "description": "scopes allowed for the token"
    },
    "refresh_token": {
      "type": "string",
      "description": "Refresh Token to be stored against the uuid"
    },
    "refresh_token_expires_in": {
      "type": "integer",
      "description": "refresh_token expires in how many seconds"
    },
    "consented_on": {
      "type": "integer",
      "description": "Consented on in Unix time format"
    },
    "id_token": {
      "type": "string",
      "description": "OIDC token generated as a signed JWT. Returned only when scope includes 'openid'. Details included in the id token - uuid, scope, account_id, consented_on"
    }
  }
}
```
issued_response (one entry of the issued list)
```json
{
  "type": "object",
  "additionalProperties": false,
  "required": [
    "clientId",
    "owner",
    "scope",
    "issuedAt",
    "expiredAt",
    "refreshTokenIssued"
  ],
  "properties": {
    "clientId": {
      "type": "string"
    },
    "clientName": {
      "type": "string"
    },
    "owner": {
      "type": "string"
    },
    "scope": {
      "type": "string"
    },
    "issuedAt": {
      "type": "string"
    },
    "expiredAt": {
      "type": "string"
    },
    "refreshTokenIssued": {
      "type": "boolean"
    },
    "miscInfo": {
      "type": "string"
    },
    "consentedOn": {
      "type": "string"
    },
    "appId": {
      "type": "string"
    },
    "org": {
      "type": "string"
    },
    "orgId": {
      "type": "string"
    },
    "provider": {
      "type": "string"
    },
    "providerId": {
      "type": "string"
    },
    "catalog": {
      "type": "string"
    },
    "catalogId": {
      "type": "string"
    }
  }
}
```
Issued list (array of issued_response)
```json
{
  "type": "array",
  "items": {
    "$ref": "#/definitions/issued_response"
  }
}
```
Revocation response
```json
{
  "additionalProperties": false,
  "type": "object",
  "properties": {
    "status": {
      "type": "string"
    }
  }
}
```
Introspection response
```json
{
  "type": "object",
  "additionalProperties": false,
  "required": [
    "active",
    "client_id",
    "client_name",
    "username",
    "sub",
    "exp",
    "expstr",
    "iat",
    "nbf",
    "nbfstr",
    "scope"
  ],
  "properties": {
    "active": {
      "type": "boolean"
    },
    "client_id": {
      "type": "string"
    },
    "client_name": {
      "type": "string"
    },
    "username": {
      "type": "string"
    },
    "sub": {
      "type": "string"
    },
    "exp": {
      "type": "string"
    },
    "expstr": {
      "type": "string"
    },
    "iat": {
      "type": "string"
    },
    "nbf": {
      "type": "string"
    },
    "nbfstr": {
      "type": "string"
    },
    "scope": {
      "type": "string"
    },
    "miscinfo": {
      "type": "string"
    },
    "consented_on": {
      "type": "string"
    },
    "consented_on_str": {
      "type": "string"
    },
    "grant_type": {
      "type": "string"
    }
  }
}
```