Cards Authorization API CZ

Cards Authorization API CZ 2.0.0

0
No votes yet
forum Discuss this API in the forum
production
development
https://api-public.developer.rb.cz

Paths

/oauth2/authorize

get /oauth2/authorize

endpoint for Authorization Code and Implicit grants

description

clientID
client_id
(apiKey located in query)

application's client_id

response_type
Required in query
string

request an authorization code or or access token (implicit)

{
    "enum": [
        "code",
        "token"
    ]
}
scope
Required in query
string

Scope being requested. For Cards API use value CISP.

{
    "enum": [
        "CISP"
    ],
    "x-example": "CISP"
}
redirect_uri
Optional in query
string

URI where user is redirected to after authorization

{
    "x-example": "https:\/\/host.com\/process-access-token"
}
state
Optional in query
string

This string will be echoed back to application when user is redirected

Accept
Optional in header
string
text/html
200

An HTML form for authentication or authorization of this request.

302

Redirect to the clients redirect_uri containing one of the following

  • authorization code for Authorization code grant
  • access token for Implicity grant
  • error in case of errors, such as the user has denied the request
Example Request
Example Response
GET https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/authorize
Try this operation
https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/authorize
accept
response_type
scope
redirect_uri
state
post /oauth2/authorize

submit approval to authorization code or access token

Submit resource owners approval (or rejection) for the OAuth2 Server to issue an authorization code or access token to the application.

client_id
Required in formData
string

application requesting the access code or token

{
    "x-example": "d371b979-c037-4f2b-85ac-86f47e2b9f08"
}
scope
Required in formData
string

Requested scope of this authorization. For Cards API use value CISP.

{
    "enum": [
        "CISP"
    ],
    "x-example": "CISP"
}
resource-owner
Required in formData
string

resource owners user name

{
    "x-example": "jonhfoo"
}
redirect_uri
Required in formData
string

URI the application is requesting this code or token to be redirected to

{
    "x-example": "https:\/\/host.com\/process-access-token"
}
original-url
Required in formData
string

URL of the original authorization request

{
    "x-example": "https:\/\/myhost.com\/auth"
}
dp-state
Required in formData
string

state information provided in the authorization form

dp-data
Required in formData
string

state information provided in the authorization form

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
text/html
200

OK

Example Request
Example Response
POST https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/authorize
Try this operation
https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/authorize
content-type
accept
client_id
scope
resource-owner
redirect_uri
original-url
dp-state
dp-data

/oauth2/token

post /oauth2/token

Request Access Tokens

This endpoint allows requesting an access token following one of the flows below:

  • Authorization Code (exchange code for access token)
  • Client Credentials (2-legged, there isnt resource owner information)
  • Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
  • Refresh Token (exchange refresh token for a new access code)

The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.

Client authentication:

  • Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
  • Public clients should send their client_id as formData parameter.
grant_type code client_credentials password refresh_token
client_id required* required* required* required*
client_secret required* required* required* required*
code required
redirect_uri required
username required
password required
scope optional optional
refresh_token required

The implicit grant requests, see /oauth2/authorize.

grant_type
Required in formData
string

Type of grant

{
    "enum": [
        "authorization_code",
        "password",
        "client_credentials",
        "refresh_token"
    ]
}
client_id
Optional in formData
string

Application client ID, can be provided in formData or using HTTP Basic Authentication

{
    "x-example": "d371b979-c037-4f2b-85ac-86f47e2b9f08"
}
client_secret
Optional in formData
string

Application secret, must be provided in formData or using HTTP Basic Authentication

{
    "x-example": "secret"
}
code
Optional in formData
string

Authorization code provided by the /oauth2/authorize endpoint

redirect_uri
Optional in formData
string

required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.

{
    "x-example": "https:\/\/host.com\/process-access-token"
}
username
Optional in formData
string

Resource owner username

{
    "x-example": "johnfoo"
}
password
Optional in formData
string

Resource owner password

{
    "x-example": "secret"
}
scope
Optional in formData
string

Scope being requested. For Cards API use value CISP.

{
    "enum": [
        "CISP"
    ]
}
refresh_token
Optional in formData
string

The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
application/json
200

json document containing token, etc.

access_token_response
400

json document that may contain additional details about the failure

Example Request
Example Response
POST https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/token
Try this operation
https://api-public.developer.rb.cz/psd2-rbcz-cards-oauth2-api-200/oauth2/token
content-type
accept
grant_type
client_id
client_secret
code
redirect_uri
username
password
scope
refresh_token

Definitions 

{
    "type": "object",
    "additionalProperties": false,
    "required": [
        "token_type",
        "access_token",
        "expires_in"
    ],
    "properties": {
        "token_type": {
            "enum": [
                "bearer"
            ]
        },
        "access_token": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "scope": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}