Tags:
- Phase›Realized
Custom Gateway API Endpoint
Paths
/partyAuthentication/partnerSession/authCode/authorize
Authorization code grant: Retrieve authorization code
To retrieve an authorization code, call the authorize endpoint and pass the required query parameters.
This authorization code is valid for a very short period of time and should be exchanged immediately for an access token.
Query parameters:
- Value MUST be set to "code".
- Client ID generated during application registration.
- The set of scopes required to make the API calls. Scope is case insensitive and multiple values can be passed using a space delimiter.
- Country code in 2 character ISO 3166 format (upper case).
- The 3 character business code. Use GCB for consumer banking (upper case).
- Locale identifying a specific language and geographic region; it should follow language[_territory], e.g. en_US, en_SG.
- Used to identify the incoming request, e.g. login.
- Opaque value to maintain state between the request and the callback. This is used to prevent cross-site request forgery.
- Absolute URI for user-agent redirection. You should provide the URI used during the client registration process.
Responses:
- An HTML form for authentication or authorization of this request.
- Redirect to the client's redirect_uri.
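The following is an added example (not the bank's SDK or code from this page) of the client side of this step: building the authorize URL with an unguessable state value, then accepting the callback only if it lands on the registered redirect URI and carries the same state. Query parameter names are assumptions, since the page lists descriptions only: the standard OAuth 2.0 keys plus countryCode, businessCode and locale; the host is a placeholder.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions: the page gives parameter descriptions but not their names, so the
# standard OAuth 2.0 query keys (response_type, client_id, scope, state,
# redirect_uri) are used, plus countryCode / businessCode (from the token path)
# and locale; the host is a placeholder.
BASE_URL = "https://api.example.invalid"
AUTHORIZE_PATH = "/partyAuthentication/partnerSession/authCode/authorize"

def new_state() -> str:
    # 256 bits from the OS CSPRNG; state must be unguessable to stop login CSRF.
    return secrets.token_urlsafe(32)

def build_authorize_url(client_id, scopes, redirect_uri, state,
                        country_code="SG", business_code="GCB", locale="en_SG"):
    params = {
        "response_type": "code",        # MUST be "code"
        "client_id": client_id,
        "scope": " ".join(scopes),      # space delimited, case insensitive
        "countryCode": country_code,    # 2 character ISO 3166, upper case
        "businessCode": business_code,  # 3 characters, GCB for consumer banking
        "locale": locale,               # language[_territory]
        "state": state,                 # keep a server-side copy tied to the session
        "redirect_uri": redirect_uri,   # must equal the registered URI
    }
    return BASE_URL + AUTHORIZE_PATH + "?" + urlencode(params)

def validate_callback(callback_url, expected_state, registered_redirect_uri):
    """Return the authorization code if the redirect is trustworthy, else None."""
    parts = urlsplit(callback_url)
    # The callback must arrive on exactly the registered redirect URI.
    if parts._replace(query="", fragment="").geturl() != registered_redirect_uri:
        return None
    query = parse_qs(parts.query)
    state = query.get("state", [""])[0]
    # Constant-time comparison; a missing or different state means this response
    # was not started by our session, so the code is discarded.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    # The code is short-lived: exchange it at the token endpoint immediately.
    return query.get("code", [None])[0]
```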
/partyAuthentication/partnerSession/authCode/token/{countryCode}/{businessCode}
Authorization code grant: Retrieve access token
Get an access token by calling the token endpoint and passing the authorization code from the previous call. The issued access token has an expiry and is valid only for the scope for which the customer has provided consent. You can call the APIs by passing this token in the Authorization header.
You also get a refresh token that can be used to obtain a new access token when the original one expires.
Headers:
- HTTP Basic authentication by passing the base64 encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
- Value should always be application/x-www-form-urlencoded
Form parameters:
- Authentication grant type. Valid value is authorization_code
- The code from the response of GET /authCode/oauth2/authorize
- Absolute URI for user-agent redirection. You should provide the URI passed in the GET /authCode/oauth2/authorize request
Responses:
- Successful operation.
Errors:
Type | Code | Details |
--- | --- | --- |
invalid | invalidRequest | Missing or invalid Parameters |
invalid | invalidGrant | Grant type is not valid |
error | unAuthorized | Authorization credentials are missing or invalid |
error | accessNotConfigured | Access is not configured for this resource |
error | resourceNotFound | Empty resource/resource not found |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
/partyAuthentication/partnerSession/authCode/refresh
Authorization code grant: Refresh access token
If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens.
Headers:
- HTTP Basic authentication by passing the base64 encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
- Content type. Value is application/x-www-form-urlencoded
Form parameters:
- The grant type. Valid value is refresh_token.
- The refresh token issued to the client
Responses:
- Successful operation.
Errors:
Type | Code | Details |
--- | --- | --- |
invalid | invalidRequest | Missing or invalid Parameters |
invalid | invalidGrant | Grant type is not valid |
error | unAuthorized | Authorization credentials are missing or invalid |
error | accessNotConfigured | Access is not configured for this resource |
error | resourceNotFound | Empty resource/resource not found |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
/partyAuthentication/partnerSession/authCode/revoke
Authorization code grant: Revoke access
The revoke call terminates the access granted by the Citi customer to your application.
Headers:
- HTTP Basic authentication by passing the base64 encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
- Content type. Value is application/x-www-form-urlencoded
Form parameters:
- The token to be revoked
- A hint about the type of the token submitted for revocation. Clients MAY pass this parameter to help the authorization server optimize the token lookup. Valid values are access_token, refresh_token
Responses:
- The request has succeeded
Errors:
Type | Code | Details |
--- | --- | --- |
invalid | invalidRequest | Missing or invalid Parameters |
error | unAuthorized | Authorization credentials are missing or invalid |
error | accessNotConfigured | Access is not configured for this resource |
error | resourceNotFound | Empty resource/resource not found |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
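The following is an added example (not the bank's SDK or code from this page) covering the three back-channel calls above: the token exchange, the refresh and the revoke requests, each with client-authenticated Basic auth and a form-encoded body, plus a checker for the token response that enforces the required fields and turns expires_in / refreshTokenExpiresIn into absolute times. The host and the form field names (grant_type, code, redirect_uri, refresh_token, token, token_type_hint) are assumptions taken from the OAuth 2.0 and RFC 7009 conventions, since the page gives descriptions only. Note that the Basic header is base64 of client_id:client_secret itself; the parentheses in the page's example value are notation, not part of the encoded string.

```python
import base64
import json
from urllib.parse import urlencode

# Assumptions: placeholder host; standard OAuth 2.0 / RFC 7009 form field names
# (grant_type, code, redirect_uri, refresh_token, token, token_type_hint).
BASE_URL = "https://api.example.invalid"
TOKEN_PATH = "/partyAuthentication/partnerSession/authCode/token/{countryCode}/{businessCode}"
REFRESH_PATH = "/partyAuthentication/partnerSession/authCode/refresh"
REVOKE_PATH = "/partyAuthentication/partnerSession/authCode/revoke"
REQUIRED = ("access_token", "token_type", "expires_in", "scope", "refresh_token")

def basic_auth_header(client_id: str, client_secret: str) -> str:
    # Base64 of "client_id:client_secret" with no surrounding parentheses: the
    # parentheses in the page's Basic example are notation, not part of the string.
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def _form_post(path, client_id, client_secret, form):
    # Client credentials travel only in the Authorization header, never in the body.
    return {"method": "POST", "url": BASE_URL + path, "body": urlencode(form),
            "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                        "Content-Type": "application/x-www-form-urlencoded"}}

def token_request(client_id, client_secret, code, redirect_uri, country_code, business_code):
    path = TOKEN_PATH.format(countryCode=country_code, businessCode=business_code)
    return _form_post(path, client_id, client_secret,
                      {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri})

def refresh_request(client_id, client_secret, refresh_token):
    return _form_post(REFRESH_PATH, client_id, client_secret,
                      {"grant_type": "refresh_token", "refresh_token": refresh_token})

def revoke_request(client_id, client_secret, token, token_type_hint="refresh_token"):
    # The optional hint (access_token or refresh_token) only speeds up the server lookup.
    return _form_post(REVOKE_PATH, client_id, client_secret,
                      {"token": token, "token_type_hint": token_type_hint})

def parse_token_response(body: str, now: float) -> dict:
    tok = json.loads(body)
    missing = [k for k in REQUIRED if k not in tok]
    if missing:
        raise ValueError(f"token response missing required fields: {missing}")
    if str(tok["token_type"]).lower() != "bearer":
        raise ValueError(f"unexpected token_type: {tok['token_type']}")
    tok["access_expires_at"] = now + tok["expires_in"]          # epoch seconds
    if "refreshTokenExpiresIn" in tok:
        tok["refresh_expires_at"] = now + tok["refreshTokenExpiresIn"]
    tok["granted_scopes"] = set(tok["scope"].split())  # may be narrower than requested
    return tok
```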
Definitions
```json
{
  "properties": {
    "status": {
      "description": "The status of the token revocation request.",
      "type": "string",
      "example": "success"
    }
  }
}
```
```json
{
  "properties": {
    "access_token": {
      "description": "This field should be passed as Authorization header in API request calls",
      "type": "string",
      "example": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA"
    },
    "refresh_token": {
      "description": "The refresh token value",
      "type": "string",
      "example": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA"
    },
    "refreshTokenExpiresIn": {
      "description": "The time until the refresh token expires",
      "type": "number",
      "example": 2678400
    },
    "consentedOn": {
      "description": "The time at which the customer gave consent for authorization",
      "type": "number"
    },
    "scope": {
      "description": "The list of scopes separated by space",
      "type": "string",
      "example": "/dda/customer /dda/accountlist /dda/account /dda/accountsdetails /dda/account/transactions"
    },
    "token_type": {
      "description": "The token type",
      "type": "string",
      "example": "bearer"
    },
    "expires_in": {
      "description": "The access token expiry time (in seconds)",
      "type": "number",
      "example": 1800
    }
  },
  "required": [
    "access_token",
    "token_type",
    "expires_in",
    "scope",
    "refresh_token"
  ]
}
```
```json
{
  "properties": {
    "access_token": {
      "description": "The access token value received after exchanging the authorization code. This field should be passed as Authorization header in API request calls",
      "type": "string",
      "example": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA"
    },
    "refresh_token": {
      "description": "You can use this token to refresh an expired access_token.",
      "type": "string",
      "example": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA"
    },
    "refreshTokenExpiresIn": {
      "description": "The time until the refresh token expires",
      "type": "number",
      "example": 2678400
    },
    "consentedOn": {
      "description": "The time at which the customer gave consent for authorization",
      "type": "number"
    },
    "scope": {
      "description": "Set of scopes allowed by the customer, separated by space",
      "type": "string",
      "example": "/dda/customer /dda/accountlist /dda/account /dda/accountsdetails /dda/account/transactions"
    },
    "token_type": {
      "description": "Type of the access token issued. This is a bearer token for the authorization_code grant type",
      "type": "string",
      "example": "bearer"
    },
    "expires_in": {
      "description": "Validity of the access token in seconds",
      "type": "number",
      "example": 1800
    }
  },
  "required": [
    "access_token",
    "token_type",
    "expires_in",
    "scope",
    "refresh_token"
  ]
}
```
```json
{
  "properties": {
    "type": {
      "description": "Invalid - Request did not conform to the specification and was unprocessed and rejected. Please fix the value and try again",
      "enum": [
        "error",
        "warn",
        "invalid",
        "fatal"
      ],
      "type": "string"
    },
    "code": {
      "description": "Error code which qualifies the error",
      "type": "string"
    },
    "details": {
      "description": "Human readable explanation specific to the occurrence of the problem",
      "type": "string"
    },
    "location": {
      "description": "The name of the field that resulted in the error",
      "type": "string"
    },
    "moreInfo": {
      "description": "URI to human readable documentation of the error",
      "type": "object"
    }
  },
  "required": [
    "type",
    "code"
  ]
}
```