Implement OAuth 2.0

All services are protected with the industry-standard OAuth 2.0 protocol. Before you can access any account-related services, you need to obtain an access token.

To configure your OAuth 2.0 client, use the following settings:

Production Environment

In order to access our production environment, you need to first obtain OAuth 2.0 credentials.

For services regulated by the PSD2 legislation (AISP, PISP), you also need a proper license from the national regulator and a certificate for client authentication when accessing API resources.

| OAuth 2.0 Setting | Setting Value |
| --- | --- |
| Authorization URL | https://aboktpp.cnb.cz/powerauth-webflow/oauth/authorize |
| Token URL | https://aboktpp.cnb.cz/powerauth-webflow/oauth/token |
| Client ID | Obtained using the application registration API. |
| Client Secret | Obtained using the application registration API. |
| Base API URL | https://aboktpp.cnb.cz/psd2-cobs/ |
| Mutual TLS required | Yes |

OAuth 2.0 Scopes

When asking for an access token, you can use one of the following scopes (depending on your PSD2 license coverage):

| Scope | Description |
| --- | --- |
| aisp | Related to resources for payment account access based on AISP mandate. |
| pisp | Related to resources for payment initiation based on PISP mandate. |
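
The following Python code shows how a client could apply the production settings and scopes above. It is an added example, not code from the API provider, and it assumes the authorization code grant, a registered redirect URI, and client credentials sent in the token request body; all function names are hypothetical.

```python
import hmac
import secrets
import ssl
from urllib import parse, request

# Endpoints and scopes as listed in the settings tables on this page.
AUTHORIZATION_URL = "https://aboktpp.cnb.cz/powerauth-webflow/oauth/authorize"
TOKEN_URL = "https://aboktpp.cnb.cz/powerauth-webflow/oauth/token"
ALLOWED_SCOPES = {"aisp", "pisp"}


def build_authorization_url(client_id, redirect_uri, scope):
    """Return (url, state); store state in the user's session for the callback check."""
    if scope not in ALLOWED_SCOPES:
        raise ValueError(f"unsupported scope: {scope!r}")
    state = secrets.token_urlsafe(32)  # unguessable value binding the callback to this session
    query = parse.urlencode({
        "response_type": "code",  # assumption: authorization code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZATION_URL}?{query}", state


def state_matches(expected, received):
    """Constant-time check of the state returned on the redirect; reject on mismatch."""
    return hmac.compare_digest(expected.encode(), (received or "").encode())


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Prepare the code-for-token POST (assumption: credentials go in the form body)."""
    body = parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def mtls_context(cert_file, key_file):
    """TLS context that presents the client certificate; server verification stays on."""
    ctx = ssl.create_default_context()
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx
```

To send the prepared request over mutual TLS, pass both to `urllib.request.urlopen(req, context=mtls_context(cert_path, key_path))`, where the two paths point to your own client certificate and private key.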

Sandbox Environment

You can develop your application easily by using our live sandbox environment. The sandbox environment offers several prepared OAuth 2.0 tokens and automatically includes a valid client certificate in the background.

In API requests, make sure to include the header Authorization: Bearer {token-value}, where {token-value} can be one of:

| OAuth 2.0 Token | Description |
| --- | --- |
| token-aisp | scope aisp |
| token-pisp | scope pisp |
| token-no-scope | no scope user |

To override the default valid client certificate and try out certificate validation, use the header X-Client-Certificate: {certificate-value}, where {certificate-value} can be any of the following:

| Certificate | Description |
| --- | --- |
| certificate-aisp | PSP_AI mandate (Account Information Service Provider) |
| certificate-pisp | PSP_PI mandate (Payment Initiation Service Provider) |
| certificate-all | both PSP_AI and PSP_PI mandates |
| certificate-no-psd | without PSD2 license |


What’s Next

After you master the OAuth 2.0 handshake, you can call our API services.