--- swagger: "2.0" info: x-ibm-name: nboauth title: NBOAuth version: 1.1.2 description: This version of the API has the implementation to refresh the internal jwt. contact: email: ServiceDesk@openbanking.org.uk name: Service Desk name: "" schemes: - https basePath: /nboauth consumes: - application/json - application/x-www-form-urlencoded produces: - application/json - application/x-www-form-urlencoded - CC323803 securityDefinitions: clientID: type: apiKey description: application's client_id in: query name: client_id x-ibm-configuration: testable: true enforced: true phase: realized paths: /oauth20/authorize: get: produces: - text/html summary: Endpoint for Authorization Code and Implicit grant description: "" parameters: - name: response_type in: query description: request an authorization code or or access token (implicit) required: true type: string enum: - code - token - name: scope in: query description: Scope being requested type: string required: true - name: redirect_uri in: query type: string description: URI where user is redirected to after authorization required: true - name: state in: query type: string description: This string will be echoed back to application when user is redirected required: false - name: intentid type: string required: true in: query description: This string will be the intent id received in intent creation step - name: type type: string required: true in: query description: This string will be type of intent like payments, rewards, redemptions, accounts, customers responses: 200: description: An HTML form for authentication or authorization of this request. 302: description: | Redirect to the clients redirect_uri containing one of the following - **authorization code** for Authorization code grant - **access token** for Implicity grant - **error** in case of errors, such as the user has denied the request security: - clientID: [] /oauth20/token: post: consumes: - application/x-www-form-urlencoded produces: - application/json summary: Request Access Tokens description: | This endpoint allows requesting an access token following one of the flows below: - Authorization Code (exchange code for access token) - Client Credentials (2-legged, there isnt resource owner information) - Resource Owner Password Credentials (2-legged, client provides resource owner name and password) - Refresh Token (exchange refresh token for a new access code) The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type. Client authentication: - Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter. - Public clients should send their client_id as formData parameter. | grant_type | code | client_credentials | password | refresh_token | |----------------------|------------|--------------------|-------------|---------------| | client_id | required* | required* | required* | required* | | client_secret | required* | required* | required* | required* | | code | required | | | | | redirect_uri | required | | | | | username | | | required | | | password | | | required | | | scope | | optional | optional | | | refresh_token | | | | required | The implicit grant requests, see /oauth2/authorize. parameters: - name: grant_type in: formData description: Type of grant type: string required: true enum: - authorization_code - password - client_credentials - refresh_token - name: client_id in: formData description: Application client ID, can be provided in formData or using HTTP Basic Authentication required: true type: string - name: client_secret in: formData description: Application secret, must be provided in formData or using HTTP Basic Authentication required: true type: string - name: code in: formData description: Authorization code provided by the /oauth20/authorize endpoint required: false type: string - name: redirect_uri in: formData description: Required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical. required: false type: string - name: scope in: formData type: string description: Scope being requested required: false - name: refresh_token in: formData type: string description: The refresh token that the client wants to exchange for a new access token (refresh_token grant_type) required: false responses: 200: description: json document containing token, etc. schema: $ref: '#/definitions/access_token_response' 400: description: json document that may contain additional details about the failure security: [] definitions: access_token_response: type: object additionalProperties: false required: - token_type - access_token - expires_in properties: token_type: enum: - bearer access_token: type: string expires_in: type: integer scope: type: string refresh_token: type: string x-ibm-endpoints: - endpointUrl: https://api.nedbank.co.za/apimarket/sandbox type: - production ...