Access Tokens
All requests made to the Open Banking API requires an access token. Requesting an access token requires you to provide your client_id
and client_secret
, which were generated when you created your application in the Developer Portal. Access tokens are valid for one hour and belong to a certain product and scope only. The available options for the scope
parameter can be found here.
This guide shows you how to acquire an access token with scope
accountinformation corporate
, allowing you to make requests to the Account Information Service (AIS) API for corporate accounts.
We use OAuth2 with client credentials for authentication which is a well-known standard. Please use a library for authenticating with us instead of coding it yourself.
Request Token
Endpoint
POST /connect/tokenhttp
Request Headers
Name | Type | Description |
---|---|---|
Accept | string | Specifies the desired response format. |
Content-Type | string | Specifies the request format. |
Request Body
Name | Type | Description |
---|---|---|
client_id | string | The Client ID of the application you created in the Developer Portal. |
client_secret | string | The secret key that was generated when the application was created. |
grant_type | string(enum) | Specifies the OAuth 2.0 grant flow to use. For client-based access tokens, this should be client_credentials . |
scope | string | Specifies the level of access requested. It is a space-separated string combining API scopes (e.g. accountinformation ) and PSU context scopes (e.g. corporate ). |
curl -X POST "https://auth.openbankingplatform.com/connect/token" \ -H "Accept: application/json" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=555510ad-da62-4e6d-80b8-e18967eabf0b" \ -d "client_secret=joiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5ncGxhdGZvcm0uY29tIiwiYXVkIjpb" \ -d "grant_type=client_credentials" \ -d "scope=accountinformation corporate"bash
Response
{ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0...", "expires_in": 3600, "token_type": "Bearer", "scope": "accountinformation corporate" }json
You now have an access token that you can use as authorization to make requests to the AIS API.