API Authentication

Generate API Credentials and an Access Token

Overview

This guide details the steps required to authenticate your API requests to Tapico.

  1. Generate API Credentials
  2. Obtain an Access Token

This process is the same for all of the services available through the Tapico Open Finance API.

OpenAPI 3.0 Specification

Download our OpenAPI 3.0 Specification in YAML or JSON format


Generating API Credentials

Prerequisites:

Steps:

  1. Navigate to Application → Basic Details for your Application.
  2. On the Basic Details page select Create under API Credentials.
  3. Make a note of your client_id and client_secret.

❗️

IMPORTANT

You cannot retrieve the secret after the initial creation. If you lose the secret you must revoke credentials and create a new set.

Obtain an Access Token

Our APIs are secured via Bearer Authentication using OAuth 2.0 Access Tokens.

Your application can access a range of APIs via Tapico. These are provisioned through Service Packs, such as the Open Wealth service pack, which provides access to Open Finance Data. As a client of FNZ, you may also be provisioned access to other service packs.

When obtaining an access token, you must supply a resource and a scope to identify the services you plan to use the token for. The access token you receive will be scoped to the requested resources.

You can see the resources and scopes under the subscribed service pack in your application:

Namespaced APIs

Some resource indicators will have the form of a fully qualified URI, e.g.: https://api.sandbox.tapico.io/ext/ae0-opapi/. These are namespaced APIs and the resource indicator also indicates the base URI to request the corresponding APIs, e.g. GET https://api.sandbox.tapico.io/ext/ae0-opapi/openplatform/accounts.

OAuth Token Request

With your API Credentials, resource and scope, you can now obtain an access token via the client credentials flow by making a POST request to the /oauth/token endpoint like so:

curl -X POST https://sandbox.tapico.io/api/v1/oauth/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'region: EU' \
  -d 'grant_type=client_credentials&resource={resource}&scope={scope}&client_id={client_id}&client_secret={client_secret}'

Open Wealth Regions

Access tokens for Open Wealth are region-specific and can only be used for the particular region for which they are requested. This is specified by the region header in the OAuth token request.

For more information on regions click here.

The response contains the access token. You need to include it as an Authorization: Bearer {token} header when making further requests to the Open Finance API. Example response:

{
  "access_token": "eyJhbG...EQoLYw",
  "expires_in": 600,
  "token_type": "Bearer",
  "scope": "https://tapico.io/open-wealth"
}

Example header on a subsequent request:

Authorization: Bearer {{access_token}}

🚧

Access Token Expiry

The access tokens are designed to be short-lived and only last for ten minutes, after which you will need to request a new one.
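The token request, the Bearer header and the ten-minute expiry described above, worked through as a small client. This is an added example and not Tapico's own code or SDK: it assumes only the endpoint, form fields, headers and response shape shown on this page, and it routes the HTTP call through an injectable transport so the expiry logic can be exercised offline with a stubbed response. The client_id, client_secret, resource and scope values used in the demo are placeholders. It also shows the namespaced-API rule from earlier on the page (the resource indicator doubles as the base URI) as a URL helper.

```python
"""Client-credentials helper for the Tapico token endpoint (added example, not Tapico's code)."""
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_URL = "https://sandbox.tapico.io/api/v1/oauth/token"
# Refresh this many seconds before the stated expiry so a request that
# starts just before the ten-minute mark does not fail with a 401.
REFRESH_MARGIN = 60

# A transport takes (url, headers, form-encoded body) and returns the decoded
# JSON response. The default uses urllib; the demo and tests inject a stub.
Transport = Callable[[str, Dict[str, str], bytes], dict]


def urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> dict:
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def api_url(resource: str, path: str) -> str:
    """For namespaced APIs the resource indicator is also the base URI."""
    return resource.rstrip("/") + "/" + path.lstrip("/")


class TapicoTokenClient:
    """Caches one access token and re-requests it shortly before it expires."""

    def __init__(self, client_id: str, client_secret: str, resource: str, scope: str,
                 region: str, transport: Transport = urllib_transport,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.client_id, self.client_secret = client_id, client_secret
        self.resource, self.scope, self.region = resource, scope, region
        self.transport, self.clock = transport, clock
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.token_requests = 0  # how many times the token endpoint was called

    def _fetch(self) -> dict:
        # Same form body and headers as the curl example on the page.
        form = urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "resource": self.resource,
            "scope": self.scope,
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        headers = {"content-type": "application/x-www-form-urlencoded",
                   "region": self.region}
        return self.transport(TOKEN_URL, headers, form.encode())

    def access_token(self) -> str:
        now = self.clock()
        if self._token is None or now >= self._expires_at:
            body = self._fetch()
            if body.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type: %r" % body.get("token_type"))
            self._token = body["access_token"]
            # Treat the token as expired REFRESH_MARGIN seconds early.
            self._expires_at = now + max(int(body["expires_in"]) - REFRESH_MARGIN, 0)
            self.token_requests += 1
        return self._token

    def auth_headers(self) -> Dict[str, str]:
        return {"Authorization": "Bearer " + self.access_token()}


class FakeClock:
    """Controllable clock so expiry can be tested without waiting ten minutes."""

    def __init__(self, start: float = 1000.0) -> None:
        self.t = start

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def make_stub_transport(log: List[Tuple[str, Dict[str, str], Dict[str, List[str]]]]) -> Transport:
    """Records each token request and answers with the response shape from the page (constructed)."""
    def stub(url: str, headers: Dict[str, str], body: bytes) -> dict:
        log.append((url, headers, urllib.parse.parse_qs(body.decode())))
        return {"access_token": "eyJhbG...EQoLYw", "expires_in": 600,
                "token_type": "Bearer", "scope": "https://tapico.io/open-wealth"}
    return stub


if __name__ == "__main__":
    log: list = []
    clock = FakeClock()
    client = TapicoTokenClient("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                               "https://tapico.io/open-wealth", "SCOPE_PLACEHOLDER", "EU",
                               transport=make_stub_transport(log), clock=clock.now)
    print(client.auth_headers())
    clock.advance(540)  # 600s lifetime minus the 60s margin: a fresh token is fetched
    client.auth_headers()
    print("token requests made:", client.token_requests)
    print(api_url("https://api.sandbox.tapico.io/ext/ae0-opapi/", "openplatform/accounts"))
```

Two calls made inside the first nine minutes reuse the cached token; the first call after that point transparently requests a new one. If the real endpoint returns an error the transport raises, which is the right place to add logging that never records the client_secret or the issued token.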

Consent Journeys

All of Tapico's services (access to personal financial data and payment initiation) rely on having the consent of the End-User. The consent journey flow can differ slightly depending on your use case.

  1. If your Application is integrating to be a part of a Tapico Partner App Store, you should implement the Short Consent Journey.
  2. If your Application is calling the Open Finance API directly for any other use case, you should implement the Long Consent Journey.
  3. If your Application is integrated with TapiPay, you will need to implement the payment consent flow: Initiate a Payment.

What’s Next

Once you have achieved the following:

☑ Created an Application
☑ Subscribed to the Open Wealth Service Pack
☑ Have at least one Account Servicer Link approved
☑ Understand how to authenticate with the Tapico API

You are ready to start using the services on offer: