Access Tokens
All requests made to the Open Banking API requires an access token. Requesting an access token requires you to provide your client_id and client_secret, which were generated when you created your application in the Developer Portal. Access tokens are valid for one hour and belong to a certain product and scope only. The available options for the scope parameter can be found here.
This guide shows you how to acquire an access token with scope accountinformation corporate, allowing you to make requests to the Account Information Service (AIS) API for corporate accounts.
We use OAuth2 with client credentials for authentication which is a well-known standard. Please use a library for authenticating with us instead of coding it yourself.
Request Token
Endpoint
POST /connect/tokenhttp
Request Headers
| Name | Type | Description |
|---|---|---|
Accept | string | Specifies the desired response format. |
Content-Type | string | Specifies the request format. |
Request Body
| Name | Type | Description |
|---|---|---|
client_id | string | The Client ID of the application you created in the Developer Portal. |
client_secret | string | The secret key that was generated when the application was created. |
grant_type | string(enum) | Specifies the OAuth 2.0 grant flow to use. For client-based access tokens, this should be client_credentials. |
scope | string | Specifies the level of access requested. It is a space-separated string combining API scopes (e.g. accountinformation) and PSU context scopes (e.g. corporate). |
curl -X POST "https://auth.openbankingplatform.com/connect/token" \ -H "Accept: application/json" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=555510ad-da62-4e6d-80b8-e18967eabf0b" \ -d "client_secret=joiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5ncGxhdGZvcm0uY29tIiwiYXVkIjpb" \ -d "grant_type=client_credentials" \ -d "scope=accountinformation corporate"bash
Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0...",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "accountinformation corporate"
}jsonYou now have an access token that you can use as authorization to make requests to the AIS API.