Sorry, you need to enable JavaScript to visit this website.

4 Get Payments authorization

Action

To make use of the Payment ID you received in the previous call, add it to the user parameter values found below in the authorization URL to retrieve an access code that you will use to get a heavy/submission token. Make use of the url and values found below.


url https://api.nedbank.co.za/apimarket/sandbox/nboauth/oauth20/authorize
Test user IDs
username password Description
apimtestuser4 IamN3db@nk123 Test Nedbank ID credentials
Request
URL query parameters
Param Value Description
response_type code The type of data the endpoint will respond with.
scope openid,payments The type of the scope of the call
redirect_uri <REDIRECT URI> URI that the authorization must redirect the request to after completion.
client_id <CLIENT ID> Your client id, received when you registered your app on the developer portal
intentid <PAYMENT ID> The Consent ID you received from the previous call.
itype payments This is the type of intent
state <YOUR UNIQUE IDENTIFIER> Any value that you can use to uniquely identify the request when it comes back to your redirect uri.



Response code

The process will redirect the user to the url provided in the 'redirect_uri' parameter. An authorization code will be attached to the redirect url, as in the sample below. Let’s assume your redirect_url was 'https://yourapp.co.za/handle/auth/':

                        
            https://yourapp.co.za/handle/auth/?code=xxxxxxxxxxxxxxxxxxxxxxxxxxxx            
                        
                        
If there was an error during the authorisation process, you will get one of the following error messages
ErrorDescription
INTENT_NOT_FOUNDThe provided intentid was not found. Please make sure the itype you are using is correct for the API you are trying to call.
ITYPE_MISSING_OR_INVALIDThe provided itype param is either missing or has an invalid value.
INTENT_ID_MISSINGThe intentid parameter is missing from the request.
INTENT_HAS_BEEN_USED_BEFOREThe intentid that was provided has been used before.
INTENT_HAS_EXPIREDThe intentid provided has expired.
INTENT_USED_OR_EXPIREDThe intentid provided has been used before or it has expired.
BACK_BUTTON_NOT_ALLOWEDThe user clicked on the back button in the authorisation screen. This action is not allowed. The user should click the decline button if they do not wish to authorise the transaction.
RIGHT_CLICK_NOT_ALLOWEDThe user right clicked on the authorisation screen. This action is not allowed.
USER_DECLINEDThe user has declined the transaction.
APPROVEIT_DECLINED_BY_USERThe user has declined the ApproveIt request.
APPROVEIT_TIMED_OUTThe ApproveIt request has timed out. This may be because the user did not respond to the ApproveIt request.
TOO_MANY_INVALID_OTP_TRIESThe user has entered too many incorrect ApproveIt OTPs.
SESSION_INVALIDATED_DUE_TO_USER_ACTIONThe user's client returned invalid data to the authorisation server.
BACKEND_ERRORGetting this error means that something went wrong on the authorisation server. Please contact us with your intentid and clientid so we can help.

The error will be returned to your redirect uri in this format:

                                
                                    https://yourapp.co.za/handle/auth/?error=access_denied&error_description=ITYPE_MISSING_OR_INVALID