For Data Recipients

Complete the following sections to use the Open Banking API as a Data Recipient.

1. Optionally, determine which Data Providers a Data Recipient is registered to

Get an access_token by passing your client credentials to the /Token endpoint. Then call the /Providers endpoint and pass the access_token. You'll receive a list of Data Providers who are registered to the Data Recipient.

This step is optional and is not required to authorize.

2. Authorize with a Data Provider

Initiate the authorization process with the Data Provider by calling the /Authorize endpoint.

If the request is successful and the customer provides consent, you'll receive a 302 response at the redirect_uri, an authorization code and the original state

If the request is not successful or the customer declines to provide consent, you'll receive an error, error_description, and the original state.

https://ob.flinksapp.com/api/v1/authorize?
response_type=code
&client_id=clientid
&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback
&scope=ACCOUNT_BASIC%20ACCOUNT_DETAILED%20ACCOUNT_PAYMENTS%20INVESTMENTS%20TRANSACTIONS%20STATEMENTS%20CUSTOMER_CONTACT%20CUSTOMER_PERSONAL
&state=state
&provider_id=1000
&correlation_id=fce84d61-dfa8-4e2b-bd94-f1ec6a445841
https://www.example.com/callback?
code=code
&state=state
https://www.example.com/callback?
error=access_denied
&error_description=The user denied the access
&state=state

3. Exchange the authorization code for an access token

Call the /Token endpoint and use authorization_code as the grant_type.

If the request is successful, you'll receive an access token:

{
  "access_token": "{access_token}",
  "token_type": "Bearer",
  "expires_in": 300,
  "refresh_token": "{refresh_token}"
}

4. Start receiving your data

Use the access_token to call the Data Access endpoints

and start receiving your data.

For example, to get customer account data, call the /Accounts endpoint and pass the access_token:

5. Get a refresh token

When your access_token expires, call the /Token endpoint and use refresh_token as the grant_type. If the request is successful, you'll receive a new access_token.