OP Corporate Banking APIs Token management (1.0)



OP Corporate Banking APIs Token management enables OP corporate customers to access OP Corporate Banking APIs.

Authentication

Authentication in OP Corporate Banking APIs is based on practices from OpenID Connect (OIDC) 1.0 and OAuth 2.0. No user authentication is required: the OAuth 2.0 server-to-server client credentials flow is used.

Security Considerations

It is extremely important that the client ID, client secret and client certificate private key are not exposed at any point. Together they represent the identity of the client and thereby the corporation. In the possession of an attacker they could be used to make fraudulent API calls potentially causing considerable damage.

Change log

V1.0 (12/2019)

Initial version

Generate access token

The service generates an access token

Request Body schema: application/x-www-form-urlencoded (required)

grant_type (string, required)
Value: "client_credentials"
Access token grant type; always set to 'client_credentials'.

client_id (string, required)
Client ID (to be retrieved from OP API Admin)

client_secret (string, required)
Client secret (to be retrieved from OP API Admin)

Responses

Request samples

#!/bin/bash

# To run this you need curl, openssl and jq installed.

# Steps for registering the required keys and certificates
# 1. Valid Corporate API contract created through OP API Admin
# 2. OAuth clientId and clientSecret provisioned
# 3. mTLS private key generated: openssl genrsa -out sandbox-mtls.key 4096
# 4. mTLS certificate signing request (CN and other attributes are ignored):
#    openssl req -new -key sandbox-mtls.key -out sandbox-mtls.csr
# 5. Valid mTLS certificate acquired from OP API Admin using the CSR from
#    step 4 and saved in the "sandbox-mtls.crt" file

# OAuth credentials
clientId="TODO put here oauth client id"
clientSecret="TODO and here client secret"

# MTLS credentials
mtlsKey="sandbox-mtls.key"
mtlsCertificate="sandbox-mtls.crt"

API_SERVER="https://api.corp-api-sandbox.test.aws.op-palvelut.net"

echo "Getting access token"

# Variables are quoted so paths or values containing spaces are passed intact.
reply=$(curl -s "${API_SERVER}/corporate-oidc/v1/token" \
  --key "${mtlsKey}" \
  --cert "${mtlsCertificate}" \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d "grant_type=client_credentials&client_id=${clientId}&client_secret=${clientSecret}")

# Extract the access_token field from the JSON reply.
token=$(echo "$reply" | jq -r .access_token)
echo "Access token is: $token"
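
A hardened variant of the request sample, as an added example that is not OP's own code: the form body is sent to curl on stdin so the client secret never appears in the process argument list, and the mTLS private key is rejected if group or others have any permission on it. The environment variable names OP_CLIENT_ID and OP_CLIENT_SECRET and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not OP's code. Assumed names: OP_CLIENT_ID, OP_CLIENT_SECRET,
# urlencode, key_perms_ok, token_body, get_token.

# Percent-encode every byte outside the RFC 3986 unreserved set, so a secret
# containing '&', '=' or '+' cannot change the structure of the form body.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}        # split off the first character
    case $c in
      [a-zA-Z0-9.~_-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Succeed only for a regular file with no group/other permission bits set.
key_perms_ok() {
  [ -f "$1" ] || return 1
  case $(ls -ld -- "$1") in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the form body from the environment; printf is a shell builtin, so the
# secret is not placed in any external command's argument list here.
token_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s' \
    "$(urlencode "$OP_CLIENT_ID")" "$(urlencode "$OP_CLIENT_SECRET")"
}

# $1 = API server base URL, $2 = mTLS private key, $3 = mTLS certificate.
# Prints the access token on stdout; fails on HTTP errors or a missing token.
get_token() {
  key_perms_ok "$2" || { echo "refusing: $2 is accessible to group/other" >&2; return 1; }
  token_body | curl -sS --fail "$1/corporate-oidc/v1/token" \
    --key "$2" --cert "$3" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data @- | jq -er .access_token
}
```

Call it as `token=$(get_token "$API_SERVER" sandbox-mtls.key sandbox-mtls.crt)` with the two environment variables set by a secret store or a file readable only by the service account.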

Response samples

Content type
application/json
{
  "access_token": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxOGIxY2Y3NThjMWQ0ZWM2YmRhNjU4OTM1N2FiZGQ4NSIsInR5cCI6IkpXVCIsImN0eSI6IkpXVCJ9.gCbxP78o3DgpDTUQbuHniuGgYpATqgGkRGy7paC6hRrz7N7eIa6sAOWDO9Fhnj-c8ocMl4cF4Jb_mv5qRPCh9r57PBqx7jOhMIMPTwJGpjcyBaqtHlZlu1vupY5tQ3Y2jGz1Ti4BnywaeEHPyIPQJtN7F7hIAORzj7IY4sIKkVXtQJZgaKW8pEHq_GCqj8i5aaiM0uJnRG3GOh3livp9Npjv9doqp3gyPa1zjrg2H1RsOGn0j2QMGvtuVfkuNwF-SoPKFECyHOq0ZK1oH2sTO8-JwvHflbIZQr5xWTpS8q7MbUXEuqURtrg0Tj-2z6tdaOLT4b3UeDufK2ar3bBfRD4-nRALtoY0ekcMyGFOS7o1Mxl3hy5sIG-EySyWeuBVy68aDWDpi9qZoQuY1TbxxakjncCOGu_Gh1l1m_mK2l_IdyXCT_GCfzFq4ZTkPZ5eydNBAPZuxBLUb4BrMb5iDdZjT7AgGOlRre_wIRHmmKm8W9nDeQQRmbIXO23JuOw9.BDCarfq2r_Uk8DHNfsNwSQ.4DuQx1cfJXadHnudrVaBss45zxyd6iouuSzZUyOeM4ikF_7hDOgwmaCma-Z97_QZBJ5DzVn9SJhKUTAqpVR3BRGAxJ_HAXU5jaTjXqbvUaxsh7Z5TgZ9eck0FIoe1lkwv51xEvYqqQ_Xojr4MAEmLuME_9ArCK9mNaMADIzOj4VoQtaDP1l26ytocc-oENifBRYGu28LbJLkyQKzyQy6FuAOtWjLM0WCXV7-o_dvj6qfeYHNBD7YBSxyqdgD8dcxMBNd2sK73YsZPHEa0V1-8zz7hm3bH3tZelpwPWScqLLW_SUH586c0FVeI6ggvqzjfLZ_Y6eQibVSdXfOtJBk22QrLsuCXbRK8G1w9t23Pwu8ukUAw4v0l7HeaW_0SJyKSPQANRP83MyFbK7fmzTYaW9TYN2JrKN-PLpd2dIFSm2Ga_EfaCwNJBm4RDMzDNrf-O0AissvYyHb0WaALiCiFCogliYqLzRB6xDb-b4964M.J7WDOFLRRPJ7lLpTfN2mOiXLDg5xtaF-sLQ4mOeN5oc",
  "token_type": "Bearer",
  "expires_in": 900
}