Security Information


Authentication and Authorization

This document explains how to complete the authentication and authorization steps required before an AISP can start using the C.Hoare & Co. data APIs.

Prerequisites

  1. You must be registered with Open Banking. You can register here: https://directory.openbanking.org.uk/s/login/
  2. You must have completed onboarding with the bank and have been issued your client credentials (the client_id used in the requests below, together with the signing key with which you sign the client assertion).

Get Access Token Using Client Credentials Grant

This step allows an AISP to request an access token (a Bearer token) using the client credentials grant, authenticating with the client credentials issued at onboarding. The access token is required before the AISP can invoke the POST /account-access-consents endpoint.

Request parameters

Parameter              Example                                                  Description
grant_type             client_credentials                                       The grant type being requested
scope                  accounts                                                 The scope being requested
client_assertion_type  urn:ietf:params:oauth:client-assertion-type:jwt-bearer   The client authentication method; the JWT bearer assertion type is used
client_assertion       (signed JWT)                                             A JWT signed by the TPP with its signing key; the bank validates the signature against the TPP's public key registered with Open Banking

Response parameters

Parameter     Example                   Description
access_token  "2YotnFZFEjr1zCsicMWpAA"  The access token to send as a Bearer token in the Authorization header of the POST /account-access-consents call
expires_in    3600                      Lifetime of the token in seconds, counted from the time the response was generated; 3600 means the token expires one hour after issue
token_type    "bearer"                  The token type; always bearer
scope         "accounts"                The scope granted

Example:

Request:

POST /auth/token.oauth2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json

grant_type=client_credentials
&scope=accounts
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRw
czovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmN
vbSIsIm5iZiI6MTQ5OTE4MzYwMSwiZXhwIjoxNDk5MTg3MjAxLCJpYXQiOjE0OTkxODM2MD
EsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3Rlc
iJ9.SAxPMaJK_wYl_W2idTQASjiEZ4UoI7-P2SbmnHKr6LvP8ZJZX6JlnpK_xClJswAni1T
p1UnHJslc08JrexctaeEIBrqwHG18iBcWKjhHK2Tv5m4nbTsSi1MFQOlMUTRFq3_LQiHqV2
M8Hf1v9q9YaQqxDa4MK0asDUtE_zYMHz8kKDb-jj-Vh4mVDeM4_FPiffd2C5ckjkrZBNOK0
01Xktm7xTqX6fk56KTrejeA4x6D_1ygJcGfjZCv6Knki7Jl-6MfwUKb9ZoZ9LiwHf5lLXPuy
_QrOyM0pONWKj9K4Mj7I4GPGvzyVqpaZUgjcOaZY_rlu_p9tnSlE781dDLuw


Success Response:

HTTP/1.1 200 OK
Content-Length: 1103
Content-Type: application/json
Date: Mon, 26 Jun 2017 15:18:28 GMT

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "expires_in": 3600,
  "token_type": "bearer",
  "scope": "accounts"
}

Error Responses

HTTP code                  Error                   Description
400 Bad Request            invalid_request         The request is missing a required parameter, includes an unsupported parameter, or is otherwise malformed
400 Bad Request            invalid_client          Client authentication failed (for example, the client_assertion signature or claims did not validate)
400 Bad Request            invalid_grant           The grant is invalid, expired or revoked, was issued to another client, or the redirect_uri does not match the one used in the authorization request
400 Bad Request            unauthorized_client     The client is not authorized to use this grant type
400 Bad Request            unsupported_grant_type  The grant type is not supported by the token endpoint
400 Bad Request            invalid_scope           The requested scope is invalid, unknown or malformed
500 Internal Server Error  server_error            An unexpected condition prevented the bank from fulfilling the request

Authorize the Consent

This follows on from POST /account-access-consents and allows the AISP to create an authorization request (a signed JWT request object containing the ConsentId as a claim) so that the customer can authorize the consent directly with the bank.

The bank authenticates the customer on its own platform. On successful authentication it redirects the customer back to the AISP's registered redirect URI with an authorization code and an id_token (hybrid flow, response_type=code id_token, returned in the URL fragment). The AISP then exchanges the authorization code for the access token with which it accesses account data.

Request parameters

Parameter      Example                       Description
response_type  code id_token                 The OAuth/OIDC response type (hybrid flow)
client_id      s6BhdRkqt3                    The client ID of your application registered in the developer portal
state          af0ifjsldkj                   An opaque value chosen by the TPP, returned unchanged in the redirect so the TPP can tie the response to its own request
scope          openid accounts               The scopes being requested; openid is required because an id_token is requested
redirect_uri   https://example.com/redirect  The redirect URL of the application registered in the developer portal; it must match the registered value exactly
nonce          n-0S6_WzA2Mj                  A value chosen by the TPP that the bank echoes in the id_token, binding the token to this request
request        (signed JWT)                  An OIDC request object (signed JWT) containing the details of the consent that needs to be authorized, including the ConsentId

Request:

GET /authorize?
    response_type=code id_token
    &client_id=s6BhdRkqt3
    &state=af0ifjsldkj
    &scope=openid accounts
    &nonce=n-0S6_WzA2Mj
    &redirect_uri=https://api.mytpp.com/cb
    &request=CJleHAiOjE0OTUxOTk1ODd.....JjVqsDuushgpwp0E.5leGFtcGxlI
    iwianRpIjoiM....JleHAiOjE0.olnx_YKAm2J1rbpOP8wGhi1BDNHJjVqsDuushgpwp0E HTTP/1.1


Response:

HTTP/1.1 302 Found
Location: https://api.mytpp.com/cb#
    code=SplxlOBeZQQYbYS6WxSbIA
    &id_token=eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso
    &state=af0ifjsldkj

Get Access Token using Authorization Code

This step allows the AISP to exchange the authorization code for the access token required to access the data APIs. The request goes to the same token endpoint as the client credentials grant and is again authenticated with a client assertion; the redirect_uri must be the one used in the authorization request.


Request:

POST /auth/token.oauth2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json

grant_type=authorization_code
&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https://api.mytpp.com/cb
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRw
czovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmN
vbSIsIm5iZiI6MTQ5OTE4MzYwMSwiZXhwIjoxNDk5MTg3MjAxLCJpYXQiOjE0OTkxODM2MD
EsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3Rlc
iJ9.SAxPMaJK_wYl_W2idTQASjiEZ4UoI7-P2SbmnHKr6LvP8ZJZX6JlnpK_xClJswAni1T
p1UnHJslc08JrexctaeEIBrqwHG18iBcWKjhHK2Tv5m4nbTsSi1MFQOlMUTRFq3_LQiHqV2
M8Hf1v9q9YaQqxDa4MK0asDUtE_zYMHz8kKDb-jj-Vh4mVDeM4_FPiffd2C5ckjkrZBNOK0
01Xktm7xTqX6fk56KTrejeA4x6D_1ygJcGfjZCv6Knki7Jl-6MfwUKb9ZoZ9LiwHf5lLXPuy
_QrOyM0pONWKj9K4Mj7I4GPGvzyVqpaZUgjcOaZY_rlu_p9tnSlE781dDLuw



Response:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
 "access_token": "SlAV32hkKG",
 "token_type": "Bearer",
 "expires_in": 3600
}
