bLink API - consent flow module (2.0.15.1-fi)

This is the specification of the bLink 'consent-flow' module API.

oauth

oauth OAuth endpoint

Get the OAuth access and refresh token

Returns the OAuth access and refresh token for the specified client and target. Providers can deploy this endpoint under a separate base path (e.g., without a version number). SIX forwards the requests accordingly.

header Parameters
X-CorAPI-Client-ID
required
string

ID of the client forwarded to the provider. (SCOPE: FI)

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the client software

X-CorAPI-Target-ID
string

ID of the target, e.g., a financial institution. (SCOPE: FI - optional)

X-PSU-IP-Address
string

IP address of the user initiating the operation (SCOPE: FI - optional)

X-PSU-User-Agent
string

User of the client software (SCOPE: FI - optional)

Request Body schema: application/x-www-form-urlencoded
required
grant_type
required
string
Enum: "authorization_code" "refresh_token"

either authorization_code or refresh_token

code
string

authorization code if applicable

refresh_token
string

refresh token if applicable

redirect_uri
string

original redirect uri if applicable

client_id
required
string

client id

username
required
string <= 64 characters

username of the resource owner

Responses

Response samples

Content type
application/json
{
  "access_token": "string",
  "token_type": "bearer",
  "expires_in": 1,
  "refresh_token": "string",
  "scope": "string"
}

Revoke an OAuth token (access or refresh)

  • Revokes the specified OAuth token (must be done separately for access token and refresh token)
  • Providers must validate that the revocation is initiated by the legitimate client
  • Providers can deploy this endpoint under a separate base path (e.g., without a version number). SIX forwards the requests accordingly.
header Parameters
X-CorAPI-Client-ID
required
string

ID of the client forwarded to the provider. (SCOPE: FI)

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the client software

X-CorAPI-Target-ID
string

ID of the target, e.g., a financial institution. (SCOPE: FI - optional)

X-PSU-IP-Address
string

IP address of the user initiating the operation (SCOPE: FI - optional)

X-PSU-User-Agent
string

User of the client software (SCOPE: FI - optional)

Request Body schema: application/x-www-form-urlencoded
required
token
required
string

token to be revoked

token_type_hint
string
Enum: "access_token" "refresh_token"

either access_token or refresh_token

client_id
required
string

client id

Responses

Response samples

Content type
application/json
{
  "error": "invalid_request",
  "error_description": "Invalid authorization code",
  "error_uri": "string"
}
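
The revocation rules above (one request per token, and the provider confirming that the legitimate client initiated it) can be sketched as a provider-side handler. This is an added example, not part of the bLink specification or SIX's code: the in-memory `store`, the `IssuedToken` record, the HTTP status codes, the `invalid_client`/`invalid_grant` error values and the rule that the body `client_id` must equal `X-CorAPI-Client-ID` are assumptions, and the unknown-token behaviour follows RFC 7009.

```python
from dataclasses import dataclass

MAX_CORRELATION_ID = 64  # X-Correlation-ID is limited to 64 characters by the spec

@dataclass
class IssuedToken:  # hypothetical record in the provider's token store
    client_id: str
    kind: str  # "access_token" or "refresh_token"
    revoked: bool = False

def error(status, code, description):
    return status, {"error": code, "error_description": description}

def revoke(headers, form, store):
    """Return (http_status, json_body) for one revocation request."""
    correlation_id = headers.get("X-Correlation-ID", "")
    forwarded_client = headers.get("X-CorAPI-Client-ID", "")
    if not forwarded_client or not headers.get("User-Agent"):
        return error(400, "invalid_request", "missing required header")
    if not 0 < len(correlation_id) <= MAX_CORRELATION_ID:
        return error(400, "invalid_request", "invalid X-Correlation-ID")
    token, client_id = form.get("token"), form.get("client_id")
    if not token or not client_id:
        return error(400, "invalid_request", "token and client_id are required")
    # Assumption: the body client_id must equal the ID forwarded in the header.
    if client_id != forwarded_client:
        return error(401, "invalid_client", "client_id does not match forwarded client")
    record = store.get(token)
    if record is None:
        return 200, {}  # RFC 7009: an unknown token is not an error
    if record.client_id != client_id:
        # Token belongs to another client: refuse and leave it untouched.
        return error(400, "invalid_grant", "token was not issued to this client")
    record.revoked = True  # only this token; its sibling needs its own request
    return 200, {}

if __name__ == "__main__":
    # Constructed sample data, not real bLink tokens or client IDs.
    store = {"at-1": IssuedToken("client-a", "access_token"),
             "rt-1": IssuedToken("client-a", "refresh_token")}
    headers = {"X-CorAPI-Client-ID": "client-a", "X-Correlation-ID": "c-001",
               "User-Agent": "example-client/1.0"}
    for tok in ("at-1", "rt-1"):
        print(tok, revoke(headers, {"token": tok, "client_id": "client-a"}, store))
```
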

Validate the username of the resource owner

Returns whether or not the username could be validated.

header Parameters
Authorization
required
string

Bearer followed by a base64 encoded OAuth access token

X-CorAPI-Client-ID
required
string

ID of the client forwarded to the provider. (SCOPE: FI)

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the client software

X-CorAPI-Target-ID
string

ID of the target, e.g., a financial institution. (SCOPE: FI - optional)

X-PSU-IP-Address
string

IP address of the user initiating the operation (SCOPE: FI - optional)

X-PSU-User-Agent
string

User of the client software (SCOPE: FI - optional)

Request Body schema: application/x-www-form-urlencoded
required
username
required
string <= 64 characters

username of the resource owner

Responses

Response samples

Content type
application/json
{
  "valid_username": true
}