Overview
The Core Banking API uses OAuth 2.0 Client Authentication to ensure secure access and protect customer data. This authentication method allows authorized applications to interact with the API while preventing unauthorized access.

OAuth 2.0 provides a robust, token-based authentication mechanism that enables secure communication between clients and the banking system without exposing sensitive credentials.

Authentication Flow
The OAuth 2.0 authentication process follows these steps:

1. Credentials
Before accessing the API, developers must obtain the following from the financial institution:

To request these credentials, contact the financial institution.

2. Token Request
A POST request must be sent to the token URL to obtain an access token. Below is an example of a token request.

3. Token Response
If authentication is successful, the API returns an Access Token, which is required for subsequent requests.
The token has an expiration time, after which a new token must be requested.

4. Authorized Requests
Once an OAuth 2.0 access token is obtained, it must be included in API requests to authenticate and authorize access to protected resources. The Authorization header in the request must contain the access token in the Bearer Token format.

Modified at 2025-02-19 18:54:56
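The four steps above as one client, added here as an illustration and not taken from the Core Banking API's own material: it requests a token, caches it, renews it shortly before expiry and builds the Bearer header. It assumes the client credentials grant with HTTP Basic client authentication and the RFC 6749 response fields `access_token`, `token_type` and `expires_in`, none of which the page specifies; `TokenClient`, `http_post`, the `bank.example` URL and the credentials are hypothetical.

```python
import base64
import json
import time
from urllib import parse, request


def http_post(url, headers, form):  # real transport: form POST over HTTPS, parsed JSON back
    req = request.Request(url, data=parse.urlencode(form).encode(), headers=headers, method="POST")
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenClient:  # hypothetical helper; assumes the client credentials grant (RFC 6749 s. 4.4)
    def __init__(self, token_url, client_id, client_secret, post=http_post, clock=time.time, skew=30):
        if not token_url.lower().startswith("https://"):
            raise ValueError("token URL must use https")  # never send the secret in clear text
        pair = f"{parse.quote_plus(client_id)}:{parse.quote_plus(client_secret)}"
        self._basic = "Basic " + base64.b64encode(pair.encode()).decode()  # RFC 6749 s. 2.3.1
        self._url, self._post, self._clock, self._skew = token_url, post, clock, skew
        self._token, self._expires_at = None, 0.0

    def access_token(self):
        """Return the cached token; request a new one `skew` seconds before it expires."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._post(self._url, {"Authorization": self._basic}, {"grant_type": "client_credentials"})
            if str(body.get("token_type", "")).lower() != "bearer" or not body.get("access_token"):
                raise RuntimeError("unexpected token response")  # do not log the body
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body.get("expires_in", 0))
        return self._token

    def auth_headers(self):
        """Authorization header for a request to a protected resource (step 4)."""
        return {"Authorization": f"Bearer {self.access_token()}"}


def demo():
    """Run the flow against a constructed in-memory token endpoint (no network)."""
    now, issued = [1000.0], []
    def fake_post(url, headers, form):  # constructed stand-in for the token URL
        issued.append(f"constructed-token-{len(issued) + 1}")
        return {"access_token": issued[-1], "token_type": "Bearer", "expires_in": 300}
    client = TokenClient("https://bank.example/token", "demo-id", "demo-secret", fake_post, lambda: now[0])
    first = client.auth_headers()    # t=1000: token 1 requested, expires at t=1300
    now[0] += 200
    cached = client.auth_headers()   # t=1200: still valid, reused
    now[0] += 80
    renewed = client.auth_headers()  # t=1280: inside the 30 s margin, token 2 requested
    return first, cached, renewed, len(issued)
```

Keeping the client secret and the token out of logs and error messages matters as much as the flow itself, which is why the error path reports only that the response was unexpected.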