Authentication
Scope
This information applies to partner APIs. For PSD2, see PSD2 documentation.
Connecting
To connect to our APIs you need API credentials in the form of a client_id and client_secret. We will also soon support the use of eIDAS certificates as credentials. If you have not been granted access yet, please visit getting started.
We use OAuth2 for authorization, with Auth0 as the IdP (Identity Provider) and the client credentials flow. This also means that our APIs only support machine identities, not "person based" access tokens.
How it works
- The client requests an access token from https://[environment].eu.auth0.com/oauth/token with client_id and client_secret.
- The client includes the access_token in the Authorization header in each API request.
- When the token expires, a new one can be requested using the client credentials.
Example in bash (with jq)
# Get access token and store it in a shell variable
access_token=$(curl --request POST \
  --url https://[environment].eu.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"[client_id]","client_secret":"[client_secret]","audience":"https://openbanking.[environment].no","grant_type":"client_credentials"}' | jq -r ".access_token")
# Do request (double quotes so $access_token is expanded; single quotes would send the literal text)
curl --url https://account.[environment].no/v1/accounts \
  --header 'content-type: application/json; charset=utf-8' \
  --header "Authorization: Bearer $access_token" \
  --header 'PSU-ID: [SSN]' | jq
The example above also contains the header parameter PSU-ID. This parameter is explained in detail in the authorization page.
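The three steps above (request a token, send it as a bearer header, re-request it when it expires) as an added example, not the API provider's own code. It implements a small client-credentials token cache in Python; the HTTP POST to the token endpoint is injected as a function so the refresh logic runs offline against a constructed fake IdP, and in production you would pass a function that performs the real HTTPS POST. TOKEN_URL and AUDIENCE reuse the [environment] placeholders from the docs; TokenCache, FakeIdp and REFRESH_MARGIN_SECONDS are names chosen for this example, and the access_token, token_type and expires_in fields are the standard OAuth2 token-response fields.

```python
# Added example (not the API provider's own code): an OAuth2 client-credentials
# token cache for the flow described above. The POST to the token endpoint is
# injected, so this runs offline against a constructed FakeIdp; in production
# pass a function that does the real HTTPS POST. TokenCache, FakeIdp and
# REFRESH_MARGIN_SECONDS are names chosen here, not from the docs.
import time
from typing import Callable, Dict, Optional

TOKEN_URL = "https://[environment].eu.auth0.com/oauth/token"  # placeholder host from the docs
AUDIENCE = "https://openbanking.[environment].no"            # placeholder audience from the docs

# Re-request the token this many seconds before the IdP's stated expiry, so a
# call that starts right at the boundary is not rejected with 401.
REFRESH_MARGIN_SECONDS = 60

# Signature of the injected transport: (url, json_body) -> parsed JSON response.
PostFn = Callable[[str, Dict[str, str]], Dict[str, object]]


def build_token_request(client_id: str, client_secret: str) -> Dict[str, str]:
    """Body of the token request, with exactly the fields the bash example sends."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": AUDIENCE,
        "grant_type": "client_credentials",
    }


class TokenCache:
    """Holds one access token and only calls the token endpoint when it is (nearly) expired."""

    def __init__(self, client_id: str, client_secret: str, post: PostFn,
                 now: Callable[[], float] = time.time) -> None:
        self._client_id = client_id
        self._client_secret = client_secret  # kept in memory only; never logged
        self._post = post
        self._now = now
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.requests_made = 0  # number of token-endpoint calls (useful for tests and monitoring)

    def _refresh(self) -> None:
        response = self._post(TOKEN_URL, build_token_request(self._client_id, self._client_secret))
        self.requests_made += 1
        # access_token / token_type / expires_in are the standard OAuth2 (RFC 6749) response fields.
        if "access_token" not in response or response.get("token_type", "Bearer") != "Bearer":
            raise RuntimeError("unexpected token response from IdP")
        self._token = str(response["access_token"])
        self._expires_at = self._now() + float(response.get("expires_in", 0))

    def get_token(self) -> str:
        """Return a valid bearer token, requesting a fresh one from the IdP if needed."""
        if self._token is None or self._now() >= self._expires_at - REFRESH_MARGIN_SECONDS:
            self._refresh()
        return str(self._token)

    def auth_headers(self, psu_id: str) -> Dict[str, str]:
        """Headers for an API request: bearer token plus the PSU-ID header from the example."""
        return {
            "Authorization": f"Bearer {self.get_token()}",
            "PSU-ID": psu_id,
            "content-type": "application/json; charset=utf-8",
        }


class FakeIdp:
    """Constructed stand-in for the token endpoint: issues numbered tokens valid for expires_in seconds."""

    def __init__(self, expires_in: int = 3600) -> None:
        self.issued = 0
        self.expires_in = expires_in

    def post(self, url: str, body: Dict[str, str]) -> Dict[str, object]:
        if url != TOKEN_URL or body.get("grant_type") != "client_credentials":
            raise ValueError("bad token request")
        if not body.get("client_id") or not body.get("client_secret"):
            raise ValueError("missing client credentials")
        self.issued += 1
        return {"access_token": f"tok-{self.issued}", "token_type": "Bearer",
                "expires_in": self.expires_in}


if __name__ == "__main__":
    # Offline demo: a movable clock shows the token being reused, then refreshed.
    clock = [1000.0]
    cache = TokenCache("[client_id]", "[client_secret]", FakeIdp().post, now=lambda: clock[0])
    print(cache.auth_headers("[SSN]"))             # first call fetches tok-1
    clock[0] += 3600                               # past expiry minus the margin
    print(cache.get_token(), cache.requests_made)  # tok-2 2
```

Keeping the refresh decision in one place means every API call goes through get_token(), so an expired token is replaced before the request rather than discovered through a 401; the requests_made counter is a cheap way to confirm in tests that the cache is not hammering the token endpoint on every call.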
Visual description of flow
      +-------------+                  +-------------+
      |             |                  |             |
      |             +---authenticate-->+             |
      |   client    |                  |     IDP     |
      |             +<---access_token--+             |
      |             |                  |             |
      +------+------+                  +------+------+
             |                                ^
             |                                |
 request w.  |                                | validate
access_token |        +-------------+         | access_token
             |        |             |         |
             |        |             |         |
             +------->+     API     +---------+
                      |             |
                      |             |
                      +-------------+