Guides

Access Tokens

All requests made to the Open Banking API requires an access token. Requesting an access token requires you to provide your client_id and client_secret, which were generated when you created your application in the Developer Portal. Access tokens are valid for one hour and belong to a certain product and scope only. The available options for the scope parameter can be found here.

This guide shows you how to acquire an access token with scope accountinformation corporate, allowing you to make requests to the Account Information Service (AIS) API for corporate accounts.

We use OAuth2 with client credentials for authentication which is a well-known standard. Please use a library for authenticating with us instead of coding it yourself.

Request Token

Endpoint

POST /connect/token
http

Request Headers

NameTypeDescription
AcceptstringSpecifies the desired response format.
Content-TypestringSpecifies the request format.

Request Body

NameTypeDescription
client_idstringThe Client ID of the application you created in the Developer Portal.
client_secretstringThe secret key that was generated when the application was created.
grant_typestring(enum)Specifies the OAuth 2.0 grant flow to use. For client-based access tokens, this should be client_credentials.
scopestringSpecifies the level of access requested. It is a space-separated string combining API scopes (e.g. accountinformation) and PSU context scopes (e.g. corporate).
curl -X POST "https://auth.openbankingplatform.com/connect/token" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=555510ad-da62-4e6d-80b8-e18967eabf0b" \
  -d "client_secret=joiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5ncGxhdGZvcm0uY29tIiwiYXVkIjpb" \
  -d "grant_type=client_credentials" \
  -d "scope=accountinformation corporate"
bash

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0...",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "accountinformation corporate"
}
json

You now have an access token that you can use as authorization to make requests to the AIS API.