API Authentication
Generate API Credentials and an Access Token
Overview
This guide details the steps required to authenticate your API requests.
- Generate API Credentials
- Obtain an Access Token
This process is the same for all of the services available through the Open Finance API.
OpenAPI 3.0 Specification
Download our OpenAPI 3.0 Specification in YAML or JSON format
Generating API Credentials
Prerequisites:
- An application (see: Create an Application)
Steps:
- Navigate to Application → Basic Details for your Application.
- On the Basic Details page select Create under API Credentials.
- Make a note of your client_id and client_secret.
IMPORTANT
You cannot retrieve the secret after the initial creation. If you lose the secret you must revoke credentials and create a new set.
Obtain an Access Token
Our APIs are secured via Bearer Authentication using OAuth 2.0 Access Tokens.
Your application can access a range of APIs. These are provisioned through Service Packs, such as the Open Wealth service pack, which provides access to Open Finance Data. As a client of FNZ, you may also be provisioned access to other service packs.
When obtaining an access token, you must supply resource and scope to identify the services you plan to use the token for. The access token you receive will be scoped to the requested resources.
You can see the resources and scopes under subscribed service pack in your application:
Namespaced APIs
Some resource indicators will have the form of a fully qualified URI, e.g. https://api.sandbox.tapico.io/ext/ae0-opapi/. These are namespaced APIs, and the resource indicator also indicates the base URI for requesting the corresponding APIs, e.g. GET https://api.sandbox.tapico.io/ext/ae0-opapi/openplatform/accounts.
OAuth Token Request
With your API Credentials, resource and scope, you can now obtain an access token via the client credentials flow by making a POST request to the /oauth/token endpoint like so:
curl -X POST https://api.sandbox.tapico.io/v1/oauth/token \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'region: EU' \
-d 'grant_type=client_credentials&resource={resource}&scope={scope}&client_id={client_id}&client_secret={client_secret}'
Open Wealth Regions
Access tokens for Open Wealth are region-specific and can only be used for the particular region for which they are requested. This is specified by the region header in the OAuth token request. For more information on regions, see the regions documentation.
The response contains the access token. Include it in an Authorization: Bearer {token} header when making further requests to the Open Finance API, for example:
{
"access_token": "eyJhbG...EQoLYw",
"expires_in": 600,
"token_type": "Bearer",
"scope": "https://tapico.io/open-wealth"
}
Authorization: Bearer {{access_token}}
Access Token Expiry
The access tokens are designed to be short lived and only last for ten minutes, after which you will need to request a new one.
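The token request, the Bearer header and the ten-minute expiry described above, as an added example that is not part of the original page or the FNZ/Tapico SDKs. It assumes a small token manager with an injectable post hook (hypothetical, so it can be exercised offline); the endpoint, body fields, region header and sample response are taken from the page, and SAMPLE_RESPONSE is a constructed copy of that response, not a real token.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.sandbox.tapico.io/v1/oauth/token"  # endpoint from the page

# Constructed sample of the token response shown on the page (not a real token).
SAMPLE_RESPONSE = {"access_token": "eyJhbG...EQoLYw", "expires_in": 600,
                   "token_type": "Bearer", "scope": "https://tapico.io/open-wealth"}


class TokenManager:
    """Obtain and cache a client-credentials token; refresh it before the 10-minute expiry."""

    def __init__(self, client_id, client_secret, resource, scope, region="EU", post=None):
        self.client_id, self.client_secret = client_id, client_secret
        self.resource, self.scope, self.region = resource, scope, region
        self._post = post or self._http_post   # hypothetical hook: lets tests avoid the network
        self._token, self._expires_at = None, 0.0

    def build_request(self):
        """Form-encoded body and headers for the POST /oauth/token call shown on the page."""
        body = urllib.parse.urlencode({
            "grant_type": "client_credentials", "resource": self.resource,
            "scope": self.scope, "client_id": self.client_id,
            "client_secret": self.client_secret})
        headers = {"content-type": "application/x-www-form-urlencoded", "region": self.region}
        return TOKEN_URL, headers, body

    def _http_post(self, url, headers, body):
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def get_token(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at:
            url, headers, body = self.build_request()
            payload = self._post(url, headers, body)
            if payload.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type: %r" % payload.get("token_type"))
            self._token = payload["access_token"]
            # Refresh 30 s early so an in-flight API call never carries an expired token.
            self._expires_at = now + int(payload["expires_in"]) - 30
        return self._token

    def auth_header(self, now=None):
        return {"Authorization": "Bearer " + self.get_token(now)}
```

With a real client_id and client_secret and no post hook, get_token() performs the POST from the page and caches the result until shortly before expires_in elapses.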
Consent Journeys
All of the services (access to personal financial data and payment initiation) rely on having the consent of the End-User. The consent journey flow can differ slightly depending on your use case.
- If your Application is integrating to be a part of a Partner App Store you should implement: Short Consent Journey.
- If your Application is calling the Open Finance API directly for any other use case, you should implement: Long Consent Journey.
- If your Application is integrated with TapiPay you will need to implement the payment consent flow: Initiate a Payment.
Once you have achieved the following:
☑ Created an Application
☑ Subscribed to the Open Wealth Service Pack
☑ Have at least one Account Servicer Link approved
☑ Understand how to authenticate with the API
You are ready to start using the services on offer: