bLink API - consent flow module (2.0.15.0-six)
Download OpenAPI specification:Download
This is the specification of the bLink 'consent-flow' module API. (as implemented by SIX and used by clients (e.g. third party providers))
Get the OAuth access and refresh token
Returns the OAuth access and refresh token for the specified client and target.
header Parameters
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-CorAPI-Target-ID required | string ID that identifies the provider (e.g., a financial institution). (SCOPE: SIX required) |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
Request Body schema: application/x-www-form-urlencodedrequired
| grant_type required | string Enum: "authorization_code" "refresh_token" either authorization_code or refresh_token |
| code | string authorization code if applicable |
| refresh_token | string refresh token if applicable |
| redirect_uri | string original redirect uri if applicable |
| client_id required | string client id |
| username required | string <= 64 characters username of the resource owner |
Responses
Response samples
- 200
- 400
- 401
- 403
- 406
- 415
- 500
- 502
- 504
{- "access_token": "string",
- "token_type": "bearer",
- "expires_in": 1,
- "refresh_token": "string",
- "scope": "string"
}Revoke an OAuth token (access or refresh)
Revokes the specified OAuth token (must be done separately for access token and refresh token)
header Parameters
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-CorAPI-Target-ID required | string ID that identifies the provider (e.g., a financial institution). (SCOPE: SIX required) |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
Request Body schema: application/x-www-form-urlencodedrequired
| token required | string token to be revoked |
| token_type_hint | string Enum: "access_token" "refresh_token" either access_token or refresh_token |
Responses
Response samples
- 400
- 401
- 403
- 406
- 415
- 500
- 502
- 504
{- "error": "invalid_request",
- "error_description": "Invalid authorization code",
- "error_uri": "string"
}Validate the username of the resouce owner
Returns whether or not a username could have been validated.
header Parameters
| Authorization required | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-CorAPI-Target-ID required | string ID that identifies the provider (e.g., a financial institution). (SCOPE: SIX required) |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
Request Body schema: application/x-www-form-urlencodedrequired
| username required | string <= 64 characters username of the resource owner |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "valid_username": true
}