Use the /api/v1/token endpoint to receive an access token so that you can start using the Open Banking API.
Token Structure
When you use the authorization_code or refresh_token as the grant type, the token will include the following claims:
{
"client_id": "dc-7tf8aijpjqofl3uxppi136ldc",
"sub": "bbc6eb83-60fa-4fb0-a6ea-9e2bd54e1071",
"exp": 1709147034
}
The sub claim can be used to uniquely identify the user at the Data Provider
About the refresh_token
refresh_tokenWhen you're using authorization_code as the grant type, the refresh_token that you receive is controlled by Flinks. It has an idle timeout of 30 days and does not expire. This means that it can be refreshed indefinitely unless it's revoked. The refresh_token also does not change when exchanged.
Receiving a 400, 401 or 403 error response
The data collection lifecycle is not connected to the
refresh_token.If you receive a 400, 401 or 403 error when calling this endpoint, it means that either the tokens that are managed by Flinks have expired.
How to handle an error response
If you receive an error response, refer to the List of Authorization Errors for more information about the error and how to resolve it.