---
swagger: "2.0"
info:
  x-ibm-name: psd2-oauth-payment
  title: PSD2 OAuth Payment
  version: obg 1.0.0
  contact:
    name: Support API
    email: support_api@dbank.co.il
    url: https://developer.discountbank.co.il
  description: |-
    # Endpoint urls

    /token

    discount sandbox
    https://mtls-api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/token

    discount prod
    https://mtls-api.discountbank.co.il/prod/d/psd2/payment/token

    mercantile sandbox
    https://mtls-api-nonprod.mercantile.co.il/devapi/cert/psd2/payment/token

    mercantile prod
    https://mtls-api.mercantile.co.il/prod/d/psd2/payment/token

    /authorize


    discount sandbox
    https://api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/authorize

    discount prod
    https://api.discountbank.co.il/prod/d/psd2/payment/authorize

    mercantile sandbox
    https://api-nonprod.mercantile.co.il/devapi/cert/payment/authorize

    mercantile prod
    https://api.mercantile.co.il/prod/d/psd2/payment/authorize

    Access code flow.
    NO application scope check.
    PKCE secured.
    Token exchange mtls enforcement against x-Client-Certificate or TLS handshake.
    Access token live 1 week, can be refreshed up to 2600 times = 50 years
  name: ""
schemes:
  - https
basePath: /psd2/business
securityDefinitions:
  clientID:
    in: query
    type: apiKey
    name: client_id
    description: application's client_id
  clientSecret:
    in: query
    type: apiKey
    name: client_secret
    description: application's client_secret
paths:
  /payment/authorize:
    get:
      produces:
        - text/html
      summary: endpoint for Authorization Code and Implicit grants
      description: description
      parameters:
        - name: response_type
          in: query
          description: code
          required: true
          type: string
          enum:
            - code
            - token
        - name: client_id
          in: query
          description: Application client ID
          required: true
          type: string
        - name: scope
          in: query
          description: "AIS:"
          type: string
          required: true
        - name: redirect_uri
          in: query
          type: string
          description: URI where user is redirected to after authorization
          required: true
        - name: state
          in: query
          type: string
          description: This string will be echoed back to application when user is redirected
          required: true
        - name: code_challenge
          type: string
          required: true
          in: query
        - name: code_challenge_method
          type: string
          required: true
          in: query
          description: only "S256" is supported
      responses:
        200:
          description: An HTML form for authentication or authorization of this request.
        302:
          description: Location Contains - Authorization code used to obtain the token - The same state as the state sent in the /authorize request
        400:
          description: ""
          schema:
            $ref: '#/definitions/400'
      security:
        - clientID: []
  /payment/token:
    post:
      consumes:
        - application/x-www-form-urlencoded
      produces:
        - application/json
      summary: Request Access Tokens
      description: |
        This endpoint allows requesting an access token following one of the flows below:
        - Authorization Code (exchange code for access token)
        - Client Credentials (2-legged, there isn't resource owner information)
        - Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
        - Refresh Token (exchange refresh token for a new access code)

        The table below indicates the required parameters for each specific grant_type options.
        Empty cells indicate a parameter is ignored for that specific grant type.

        Client authentication:
        - Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
        - Public clients should send their client_id as formData parameter.

        | grant_type           | code       | client_credentials | password    | refresh_token |
        |----------------------|------------|--------------------|-------------|---------------|
        | client_id            | required*  | required*          | required*   | required*     |
        | client_secret        | required*  | required*          | required*   | required*     |
        | code                 | required   |                    |             |               |
        | redirect_uri         | required   |                    |             |               |
        | username             |            |                    | required    |               |
        | password             |            |                    | required    |               |
        | scope                | required   | optional           | optional    |               |
        | refresh_token        |            |                    |             | required      |

        The implicit grant requests, see /oauth2/authorize.
      parameters:
        - name: grant_type
          in: formData
          description: only "authorization_code" and "refresh_token" values are supported
          type: string
          required: true
          enum:
            - authorization_code
            - password
            - client_credentials
            - refresh_token
        - name: code
          in: formData
          description: Authorization code provided by the /oauth2/authorize endpoint
          required: true
          type: string
        - name: Content-Type
          type: string
          required: true
          in: header
          description: application/x-www-form-urlencoded
        - name: code_verifier
          type: string
          required: true
          in: formData
          description: https://www.rfc-editor.org/rfc/rfc7636
        - name: client_id
          type: string
          required: true
          in: formData
        - name: client_secret
          type: string
          required: true
          in: formData
      responses:
        200:
          description: json document containing token, etc.
          schema:
            $ref: '#/definitions/access_token_response'
        400:
          description: json document that may contain additional details about the failure
      security:
        - clientID: []
          clientSecret: []
x-ibm-configuration:
  testable: true
  enforced: true
  phase: realized
  type: oauth
definitions:
  400:
    description: ""
    type: object
    properties:
      tppMessages:
        type: array
        items:
          properties:
            category:
              type: string
            code:
              type: string
            text:
              type: string
          type: object
    example: '{"tppMessages":[{"category":"ERROR","code":"","text":"Failure invoking GET https://api/Services/v1/accounts/1111-111111 ::error: Error: The JSON document is not valid."}]}'
  access_token_response:
    type: object
    additionalProperties: false
    required:
      - token_type
      - access_token
      - expires_in
    properties:
      token_type:
        enum:
          - bearer
      access_token:
        type: string
      expires_in:
        type: integer
      scope:
        type: string
      refresh_token:
        type: string
  issued_response:
    type: object
    additionalProperties: false
    required:
      - clientId
      - owner
      - scope
      - issuedAt
      - expiredAt
      - refreshTokenIssued
    properties:
      clientId:
        type: string
      clientName:
        type: string
      owner:
        type: string
      scope:
        type: string
      issuedAt:
        type: string
      expiredAt:
        type: string
      refreshTokenIssued:
        type: boolean
      miscInfo:
        type: string
  issued_responses:
    type: array
    items:
      $ref: '#/definitions/issued_response'
responses:
  400Res:
    description: description for new-response-1
    schema:
      $ref: '#/definitions/400'
security: []
x-ibm-endpoints:
  - endpointUrl: https://mtls-api.discountbank.co.il/prod/d
    type:
      - production
      - development
  - endpointUrl: https://api.discountbank.co.il/prod/d
    description: Discount bank API Gateway
    type:
      - production
      - development
...