Firstly, TTP must authenticate with us and obtain an public access token. This token is used to create new Account consents and Payments resources.
Authorization request:
https://<port>:<host>/as/token.oauth2
grant_type:client_credentials
scope:accounts
client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:eyJhbGciOiJSUzUxMiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYzMjA0MDA3LCJleHAiOjE1NjMyMzUyMDAsImF1ZCI6Ii9hcy90b2tlbi5vYXV0aDIiLCJzdWIiOiJzNkJoZFJrcXQzIn0.nZoO8w7KHGACFBvx-GXC7XXENeB5yCuA7p0FmK182yqIyL5L2q8Az2n0oGYX-sAFUiCQxgpcajBP6bm7QT9cBJ8VF-KseCkpNaaX64TKp4zhip2_mYPZ57nF3xKNV4q_OjAALNNeuQAMb_JSan_gJzK2-I2jBkBUxCZ9bMuNqYtQqR0DYu_hajnthJGiKN6aYzoM-X_BYeq5tY95Ce16tyzRnUPQWGcw0zs1aLyaPq8Vr9pkW-iZYMRKrK80F-Kr-uUg_D39ABDDedsXKT4aoWERSMVsdufXYBKL4kqmh7LcDBRx8gUpHOg3Jn6naQeMBZolMuzKFw4jFALKgOUEuw
Where client_assertion is JWT signed by TPP certificate registered in BBK.
JWT payload (for client assertion):
{
"iss": "TPP1",
"iat": 1563204007,
"exp": 1563235200,
"aud": "/as/token.oauth2",
"sub": "s6BhdRkqt3"
}
Authorization response with created token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MzI5MzY0MCwiaWF0IjoxNTYzMjA3MjQwfQ.cLMitrej3poizgphcnnxZQjewObJiownqoIGlxh3z1-_38drvGr32tN1z0vAm0maIa7uhQ9qt0ucEkVxnkj46adsdav4w1G7V4DypSTI1LzhtWdqzK2QOm6gpDIbxY13uEovIO2tRdCC9O4-W6AM1O_e00ZbtvWOld9oOrDRo01rj_aZrS2RVCX49H7_n1pD2ORHUbBHh_lRgv6O2IErm75rUOxKEt5QMTAwiBDrHGXnuUz47N-8CX5E44WUHNJMA6uOZNZra2wv3J8jZshvzDlwTpzY0dbxysQYBNQF8kzBacfut3iWlSKyiBrxpPK3R8VBi8gcCpteSL4J4ZMZ3g",
"expires_in": 86400,
"token_type": "bearer",
"scope": "accounts"
}