Complete the following sections to use the Open Banking API as a Data Recipient.
1. Optionally, determine which Data Providers a Data Recipient is registered to
Get an access_token
by passing your client credentials to the /Token
endpoint. Then call the /Providers
endpoint and pass the access_token
. You'll receive a list of Data Providers who are registered to the Data Recipient.
This step is optional and is not required to authorize.
2. Authorize with a Data Provider
Initiate the authorization process with the Data Provider by calling the /Authorize
endpoint.
If the request is successful and the customer provides consent, you'll receive a 302 response at the redirect_uri
, an authorization code
and the original state
If the request is not successful or the customer declines to provide consent, you'll receive an error
, error_description
, and the original state
.
https://ob.flinksapp.com/api/v1/authorize?
response_type=code
&client_id=clientid
&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback
&scope=ACCOUNT_BASIC%20ACCOUNT_DETAILED%20ACCOUNT_PAYMENTS%20INVESTMENTS%20TRANSACTIONS%20STATEMENTS%20CUSTOMER_CONTACT%20CUSTOMER_PERSONAL
&state=state
&provider_id=1000
&correlation_id=fce84d61-dfa8-4e2b-bd94-f1ec6a445841
https://www.example.com/callback?
code=code
&state=state
https://www.example.com/callback?
error=access_denied
&error_description=The user denied the access
&state=state
3. Exchange the authorization code for an access token
Call the /Token
endpoint and use authorization_code
as the grant_type
.
If the request is successful, you'll receive an access token:
{
"access_token": "{access_token}",
"token_type": "Bearer",
"expires_in": 300,
"refresh_token": "{refresh_token}"
}
4. Start receiving your data
Use the access_token
to call the Data Access endpoints
and start receiving your data.
For example, to get customer account data, call the /Accounts
endpoint and pass the access_token
:
5. Get a refresh token
When your access_token
expires, call the /Token
endpoint and use refresh_token
as the grant_type
. If the request is successful, you'll receive a new access_token
.