Use the /api/v1/token endpoint to receive an access token so that you can start using the Open Banking API.

Token Structure

When you use the authorization_code or refresh_token as the grant type, the token will include the following claims:

  "client_id": "dc-7tf8aijpjqofl3uxppi136ldc",
  "sub": "bbc6eb83-60fa-4fb0-a6ea-9e2bd54e1071",
  "exp": 1709147034

The sub claim can be used to uniquely identify the user at the Data Provider

About the refresh_token

When you're using authorization_code as the grant type, the refresh_token that you receive is controlled by Flinks. It has an idle timeout of 30 days and does not expire. This means that it can be refreshed indefinitely unless it's revoked. The refresh_token also does not change when exchanged.


Receiving a 400, 401 or 403 error response

The data collection lifecycle is not connected to the refresh_token.

If you receive a 400, 401 or 403 error when calling this endpoint, it means that either the tokens that are managed by Flinks have expired.

How to handle an error response

If you receive an error response, refer to the List of Authorization Errors for more information about the error and how to resolve it.

Click Try It! to start a request and see the response here!