API Authentication

Generate API Credentials and an Access Token


This guide details the steps required to make an authenticated call against the Open Finance API.

  1. Generate API Credentials
  2. Obtain an Access Token

This process is the same for all of the services available through the Tapico Open Finance API.


OpenAPI 3.0 Specification

Download our OpenAPI 3.0 Specification in YAML or JSON format

Generating API Credentials

  1. Navigate to Application → Basic Details for your Application.
  2. On the Basic Details page select Create under API Credentials.
  3. Make a note of your client_id and client_secret.



You cannot retrieve the secret after the initial creation. If you lose the secret you must revoke credentials and create a new set.


Obtain an Access Token

With the API Credentials in hand, you're ready to connect to our API. Our API is secured via Bearer Authentication, and all endpoints that deal with user data require an OAuth 2.0 Access Token.

You can obtain an access token via the client credentials flow by making a POST request to the /oauth/token endpoint like so:

curl -X POST https://sandbox.tapico.io/api/v1/oauth/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'region: EU' \
  -d 'grant_type=client_credentials&scope=https://tapico.io/open-wealth&client_id={client_id}&client_secret={client_secret}'



Access tokens are region-specific and can only be used for the particular region for which they are requested. This is specified by the region header in the OAuth token request.

For more information on regions click here.

The response contains the access token:

{
  "access_token": "eyJhbG...EQoLYw",
  "expires_in": 600,
  "token_type": "Bearer",
  "scope": "https://tapico.io/open-wealth"
}

Include the token as an Authorization: Bearer {token} header when making further requests to the Open Finance API, for example:

Authorization: Bearer {{access_token}}


Access Token Expiry

The access tokens are designed to be short-lived and last only ten minutes, after which you will need to request a new one.
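
The sketch below is an added example, not Tapico's own code: a small client-side cache that keeps one token per region, renews it shortly before expires_in elapses, and keeps the client_secret out of URLs and object dumps. The names TokenCache, http_post_form and the 30-second skew are assumptions made for illustration; the endpoint, scope and header names are taken from the curl request above.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://sandbox.tapico.io/api/v1/oauth/token"  # from the curl example
SCOPE = "https://tapico.io/open-wealth"


def http_post_form(url, headers, body):
    """Default transport: POST a form-encoded body and return the parsed JSON."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches one access token per region and renews it before it expires."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=30):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._tokens = {}  # region -> (access_token, deadline); tokens are region-specific

    def get(self, region):
        cached = self._tokens.get(region)
        if cached and self._clock() < cached[1]:
            return cached[0]
        # urlencode escapes characters such as '&' or '+' inside the secret;
        # the secret travels only in the POST body, never in the URL.
        body = urllib.parse.urlencode({
            "grant_type": "client_credentials", "scope": SCOPE,
            "client_id": self._id, "client_secret": self._secret})
        headers = {"content-type": "application/x-www-form-urlencoded", "region": region}
        resp = self._post(TOKEN_URL, headers, body)
        if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
            raise ValueError("unexpected token response")  # resp is not echoed: it may hold a token
        # Renew `skew` seconds early so a request never carries a token about to expire.
        deadline = self._clock() + max(int(resp.get("expires_in", 0)) - self._skew, 0)
        self._tokens[region] = (resp["access_token"], deadline)
        return resp["access_token"]

    def auth_header(self, region):
        return {"Authorization": "Bearer " + self.get(region)}

    def __repr__(self):  # keeps the secret out of logs and tracebacks
        return "TokenCache(client_id=%r, client_secret=<redacted>)" % self._id
```

Load client_id and client_secret from a secret store or the process environment rather than from source code, since the secret cannot be retrieved again after creation.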


Consent Journeys

All of Tapico's services (access to personal financial data and payment initiation) rely on having the consent of the End-User. The consent journey flow can differ slightly depending on your use case.

  1. If your Application is integrating to be a part of a Tapico Partner App Store you should implement: Short Consent Journey.
  2. If your Application is calling the Open Finance API directly for any other use case, you should implement: Long Consent Journey.
  3. If your Application is integrated with TapiPay you will need to implement the payment consent flow: Initiate a Payment.

What's Next

Once you have achieved the following:

☑ Created an Application
☑ Subscribed to the Open Wealth Service Pack
☑ Have at least one Account Servicer Link approved
☑ Understand how to authenticate with the Tapico API

You are ready to start using the services on offer: