Action
After you get an intent ID, you can then redirect the user to the authorisation endpoint where the user will give consent to access their data.
| url | https://api.nedbank.co.za/apimarket/sandbox/nboauth/oauth20/authorize |
Customer authorisation
Test user IDs
| username | password | Description |
|---|---|---|
| apimtestuser4 | IamN3db@nk123 | Test Nedbank ID credentials |
Request
| Param | Value | Description |
|---|---|---|
| response_type | code | The type of data the endpoint will respond with. |
| scope | <SCOPE> | The type of the scope of the call:
- "openid,accounts" for the Accounts API - "openid,customers" for the Customers API - "openid,rewards" for the Rewards information call - "openid,redemptions" for the Rewards redemptions call - "openid,payments" for the Payments API |
| redirect_uri | <REDIRECT URI> | URI that the authorization must redirect the request to after it completes. |
| client_id | <CLIENT ID> | Your client ID, received when you registered your app on the developer portal. |
| intentid | <INTENT REQUEST ID> | The intent request ID you received from the intent call. |
| itype | <ITYPE> | This is the type of call:
- "customers" for the Customers API - "accounts" for the Accounts API - "payments" for the Payments API - "rewards" for the Rewards info call - "redemptions" for the Rewards redemption call |
| state | <STATE> | Anything you can use to uniquely identify the request when it comes back to your redirect uri |
Response code
The process will redirect the user to the url provided in the 'redirect_uri' parameter. An authorization code will be attached to the redirect url, as in the sample below. Let’s assume your redirect_url was 'https://yourapp.co.za/handle/auth/':
https://yourapp.co.za/handle/auth/?code=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Error | Description |
|---|---|
| INTENT_NOT_FOUND | The provided intentid was not found. Please make sure the itype you are using is correct for the API you are trying to call. |
| ITYPE_MISSING_OR_INVALID | The provided itype param is either missing or has an invalid value. |
| INTENT_ID_MISSING | The intentid parameter is missing from the request. |
| INTENT_HAS_BEEN_USED_BEFORE | The intentid that was provided has been used before. |
| INTENT_HAS_EXPIRED | The intentid provided has expired. |
| INTENT_USED_OR_EXPIRED | The intentid provided has been used before or it has expired. |
| BACK_BUTTON_NOT_ALLOWED | The user clicked on the back button in the authorisation screen. This action is not allowed. The user should click the decline button if they do not wish to authorise the transaction. |
| RIGHT_CLICK_NOT_ALLOWED | The user right clicked on the authorisation screen. This action is not allowed. |
| USER_DECLINED | The user has declined the transaction. |
| APPROVEIT_DECLINED_BY_USER | The user has declined the ApproveIt request. |
| APPROVEIT_TIMED_OUT | The ApproveIt request has timed out. This may be because the user did not respond to the ApproveIt request. |
| TOO_MANY_INVALID_OTP_TRIES | The user has entered too many incorrect ApproveIt OTPs. |
| SESSION_INVALIDATED_DUE_TO_USER_ACTION | The user's client returned invalid data to the authorisation server. |
| BACKEND_ERROR | Getting this error means that something went wrong on the authorisation server. Please contact us with your intentid and clientid so we can help. |
The error will be returned to your redirect uri in this format:
https://yourapp.co.za/handle/auth/?error=access_denied&error_description=ITYPE_MISSING_OR_INVALID