Endpoint URLs

/token
discount sandbox: https://mtls-api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/token
discount prod: https://mtls-api.discountbank.co.il/prod/d/psd2/payment/token
mercantile sandbox: https://mtls-api-nonprod.mercantile.co.il/devapi/cert/psd2/payment/token
mercantile prod: https://mtls-api.mercantile.co.il/prod/d/psd2/payment/token

/authorize
discount sandbox: https://api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/authorize
discount prod: https://api.discountbank.co.il/prod/d/psd2/payment/authorize
mercantile sandbox: https://api-nonprod.mercantile.co.il/devapi/cert/payment/authorize
mercantile prod: https://api.mercantile.co.il/prod/d/psd2/payment/authorize
Access (authorization) code flow. No application scope check. PKCE secured. Token exchange enforces mTLS, checked against the x-Client-Certificate header or the TLS handshake itself. An access token lives 1 week and can be refreshed up to 2600 times = 50 years.
Discount bank API Gateway

Paths

/payment/authorize
Endpoint for Authorization Code and Implicit grants.

Parameters (names are the standard OAuth2 ones; the extracted page kept only the descriptions):
client_id: application's client_id (Application client ID)
response_type: code
{
"enum": [
"code",
"token"
]
}
scope: AIS:
redirect_uri: URI where the user is redirected to after authorization
state: this string will be echoed back to the application when the user is redirected
code_challenge_method: only "S256" is supported

Responses:
An HTML form for authentication or authorization of this request.
A redirect whose Location header contains the authorization code used to obtain the token and the same state as the state sent in the /authorize request.
/payment/token
Request Access Tokens
This endpoint allows requesting an access token following one of the flows below:
- Authorization Code (exchange a code for an access token)
- Client Credentials (2-legged; there is no resource owner information)
- Resource Owner Password Credentials (2-legged; the client provides the resource owner's name and password)
- Refresh Token (exchange a refresh token for a new access token)
The table below indicates the required parameters for each grant_type option. Empty cells indicate a parameter is ignored for that grant type.
Client authentication:
- Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret as formData parameters.
- Public clients should send their client_id as a formData parameter.
grant_type | code | client_credentials | password | refresh_token
---|---|---|---|---
client_id | required | required | required | required
client_secret | required | required | required | required
code | required | | |
redirect_uri | required | | |
username | | | required |
password | | | required |
scope | | required | optional | optional
refresh_token | | | | required
For implicit grant requests, see /oauth2/authorize.
Parameters (names are the standard OAuth2 ones; the extracted page kept only the descriptions):
client_id: application's client_id
client_secret: application's client_secret
grant_type: only "authorization_code" and "refresh_token" values are supported
{
"enum": [
"authorization_code",
"password",
"client_credentials",
"refresh_token"
]
}
code: Authorization code provided by the /oauth2/authorize endpoint

Consumes: application/x-www-form-urlencoded

Responses:
Success: JSON document containing the token, etc.
Failure: JSON document that may contain additional details about the failure
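As an added client-side example (not the gateway's own code and not taken from the page), the following Python walks through the flow documented above: it generates a PKCE verifier and its S256 challenge, builds the /payment/authorize request, checks that the state echoed back in the Location header is the one that was sent, assembles the application/x-www-form-urlencoded body for the two grant types the token endpoint description says it supports, and validates the reply against the token definition given under Definitions. The endpoint URLs are the Discount sandbox ones listed at the top of the page; the client id, secret, redirect URI, scope, code and sample responses are constructed placeholders, and the TPP client certificate the token endpoint enforces is not loaded here: it has to be presented on the TLS session that actually posts the body.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Sandbox endpoints as listed on the page (Discount Bank).
AUTHORIZE_URL = "https://api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/authorize"
TOKEN_URL = "https://mtls-api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/token"

# Required form parameters per grant_type, from the page's table, for the two
# grant types the token endpoint description says it supports.
REQUIRED_BY_GRANT = {
    "authorization_code": ("client_id", "client_secret", "code", "redirect_uri"),
    "refresh_token": ("client_id", "client_secret", "refresh_token"),
}


def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses for PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 challenge, the only code_challenge_method the gateway accepts."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair():
    """A fresh 256-bit verifier (43 chars) and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorize_url(client_id, redirect_uri, scope, state, code_challenge):
    """Authorization-code request; the implicit flow (response_type=token) is not offered here."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(query)


def code_from_redirect(location, expected_state):
    """Pull the code out of the Location header, refusing any redirect whose state differs."""
    params = parse_qs(urlparse(location).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state in redirect does not match the value sent to /authorize")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carries no authorization code")
    return code


def build_token_request(grant_type, **form):
    """Headers and form body for /payment/token after checking the page's required set.
    The body must go over a TLS session presenting the TPP client certificate (mTLS)."""
    if grant_type not in REQUIRED_BY_GRANT:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    missing = [p for p in REQUIRED_BY_GRANT[grant_type] if not form.get(p)]
    if missing:
        raise ValueError(f"{grant_type} is missing {missing}")
    if grant_type == "authorization_code" and not form.get("code_verifier"):
        raise ValueError("a PKCE code_verifier is needed to redeem the code")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"grant_type": grant_type, **form})


TOKEN_REQUIRED = ("token_type", "access_token", "expires_in")
TOKEN_ALLOWED = TOKEN_REQUIRED + ("scope", "refresh_token")


def validate_token_response(raw):
    """Check a token reply against the page's definition: required keys, bearer type, no extras."""
    doc = json.loads(raw)
    missing = [k for k in TOKEN_REQUIRED if k not in doc]
    extra = [k for k in doc if k not in TOKEN_ALLOWED]
    if missing or extra:
        raise ValueError(f"token response missing {missing}, unexpected {extra}")
    if doc["token_type"] != "bearer" or not isinstance(doc["expires_in"], int):
        raise ValueError("token_type must be 'bearer' and expires_in an integer")
    return doc


if __name__ == "__main__":
    # Constructed walk-through: ids, redirect URI, scope, code and the token reply are placeholders.
    verifier, challenge = new_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    print(build_authorize_url("TPP_CLIENT_ID", "https://tpp.example/cb", "PLACEHOLDER_SCOPE", state, challenge))
    code = code_from_redirect(f"https://tpp.example/cb?code=PLACEHOLDER_CODE&state={state}", state)
    print(build_token_request("authorization_code", client_id="TPP_CLIENT_ID", client_secret="TPP_SECRET",
                              code=code, redirect_uri="https://tpp.example/cb", code_verifier=verifier))
    print(validate_token_response('{"token_type":"bearer","access_token":"t","expires_in":604800}'))
```

The state comparison is constant-time and the redirect is rejected outright on a mismatch, which is the client-side check that makes the echoed state useful against forged callbacks; the response validator rejects unknown properties because the token definition sets additionalProperties to false.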
Definitions

Error response (tppMessages):
{
"type": "object",
"properties": {
"tppMessages": {
"type": "array",
"items": {
"properties": {
"category": {
"type": "string"
},
"code": {
"type": "string"
},
"text": {
"type": "string"
}
},
"type": "object"
}
}
},
"example": "{\"tppMessages\":[{\"category\":\"ERROR\",\"code\":\"\",\"text\":\"Failure invoking GET https:\/\/api\/Services\/v1\/accounts\/1111-111111 ::error: Error: The JSON document is not valid.\"}]}"
}
Token response:
{
"type": "object",
"additionalProperties": false,
"required": [
"token_type",
"access_token",
"expires_in"
],
"properties": {
"token_type": {
"enum": [
"bearer"
]
},
"access_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"scope": {
"type": "string"
},
"refresh_token": {
"type": "string"
}
}
}
issued_response (token metadata record):
{
"type": "object",
"additionalProperties": false,
"required": [
"clientId",
"owner",
"scope",
"issuedAt",
"expiredAt",
"refreshTokenIssued"
],
"properties": {
"clientId": {
"type": "string"
},
"clientName": {
"type": "string"
},
"owner": {
"type": "string"
},
"scope": {
"type": "string"
},
"issuedAt": {
"type": "string"
},
"expiredAt": {
"type": "string"
},
"refreshTokenIssued": {
"type": "boolean"
},
"miscInfo": {
"type": "string"
}
}
}
Array of issued_response entries:
{
"type": "array",
"items": {
"$ref": "#\/definitions\/issued_response"
}
}