Retrieve your Oauth 2 access token !
Step-by-step process
1- Send a request directly to the IT infrastructure of the bank account holder.
For live access, the entry point to recover the access token depends on banking institution with the following format "https://www.30007.live.api.89c3.com/stet/psd2/oauth/token".
In order to be able to query the right backend, it is therefore necessary that you request the PSU to select its banking institution thru your interfaces.
The detailed parameters are:
POST /psd2/oauth/token?client_id={clientId}&scope={scope}[&grant-type=client_credentials
| Name | Data | Type and constrains | |
| grant_type | [1..1] | Requested autorisation type | String [34] => must be valued with "client_credentials" |
| client_id | [1..1] | TPP identification | String [34] => must be equal or linked to the OrganizationIdentifier part of the Distinguished Name" of the eIDAS certificate, according to ETSI specification => your agreement number as defined by your national competent authority. (PSDXX-YYYY-ZZZZZ) |
| scope | [0..1] | Spécifies the generic accreditations that both the PSU and the TPP agreed on : PISP | Chaîne [140] => Space delimited roles lists. Default value is "pisp" |
2- The bank account holder (ASPSP) performs checks upon your TPP profile (the certificate validity, your registered role, the non-revocation of your profile, etc…)
3- Once these checks are OK, the bank returns an HTTP 200 (OK) response containing the following data:
| Name | Data | Type and constrains | |
| access_token | [1..1] | Access token provided by the ASPSP to the TPP | String [140] => ex : ""nACXdBobTpdwRRaYy2H3w7pP5Xe61e1R9rwxMuhk7G0fULg8x6kJHz" |
| token_type | [1..1] | Type of the provided token ("Bearer" or "MAC" | String[10] => must be valued with "Bearer" |
| expires_in | [0..1] | Token lifetime, in seconds. The token can be used several times as far as it is not expired | Numeric => ex : "3600" |
| scope | [1..1] | Spécifies the generic accreditations that both the PSU and the TPP agreed on : PISP | Chaîne [140] => Default value is "pisp" |
The access token must be used in every request in the authorization header with “Bearer” as a prefix.
If the token is expired, the request will be rejected with an HTTP403 error code indicating “Invalid token”. Such request might be sent again each time a new access token has been granted.