Info

Before you get started, make sure you have already created an Everifin user account. More details on how to create a user account are here: API Access Prerequisites. Afterwards, you can Connect Bank Account With Everifin UI.

Methods available

OpenID Connect

Authentication is facilitated by OpenID Connect 1.0, which is a simple identity layer on top of the OAuth 2.0 protocol.

Authorization code grant type

The authorization code grant type is one of the grant types provided by the OAuth protocol. In this case, the client’s service account and the user account are both authenticated, and if authentication succeeds, the authorization code that is returned can be exchanged for an access token.

Info

The authorization code grant type is supported by default. Other OAuth 2.0 grant types can be configured as well; contact us for more information.

Authorization code grant type

Step 1: Redirect end-user to the Authorization endpoint

...

Info

{{your_realm_value}} = `everifineverifin_app`app

Identity Provider base URL: {{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/auth

...

Example URL: {{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/auth/?client_id={{your_client_id}}&&redirect_uri=http%3A%2F%2Flocalhost%2Fdashboard{{client_redirect_uri}}&response_type=code&state=MY_STATE1&scope={{scope}}

The end user should be redirected to this URL. After the user enters login credentials, she is redirected to the redirect URL (for testing purposes http://localhost) specified in the redirect_uri parameter.

The URL the user is redirected to looks like this:

http://localhost/{{client_redirect_uri}}?state=MY_STATE1&session_state=6f21951a-4087-40e8-9955-db3e0c48f77f&code=7f7607a2-eddf-4e1c-ad86-18ed054d23c9.6f21951a-4087-40e8-9955-db3e0c48f77f.9787f652-e5ce-4c60-bbf5-e45c1622b8eb

The authorization code can be obtained from the “code” URL query parameter. In this case, it would be: 7f7607a2-eddf-4e1c-ad86-18ed054d23c9.6f21951a-4087-40e8-9955-db3e0c48f77f.9787f652-e5ce-4c60-bbf5-e45c1622b8eb

This code is then used to request an access and refresh token.
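Step 1 end to end, as an added example that is not part of the original page or Everifin's own code: it builds the authorization URL with a random per-login state instead of a fixed value such as MY_STATE1, then checks the state on the callback before accepting the code. The host, realm, client ID, redirect URI and the `openid` scope are placeholder assumptions, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions); substitute the ones issued to you.
IDP_URL = "https://idp.example.test"
REALM = "example_realm"
CLIENT_ID = "example-client"
REDIRECT_URI = "http://localhost/dashboard"


def build_authorization_url(scope="openid"):
    """Return (url, state); keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "state": state,
        "scope": scope,
    })
    base = f"{IDP_URL}/auth/realms/{REALM}/protocol/openid-connect/auth"
    return f"{base}?{query}", state


def extract_code(callback_url, expected_state):
    """Validate the callback URL and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    states = params.get("state", [])
    codes = params.get("code", [])
    # Exactly one state and one code; duplicates are rejected as ambiguous.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    return codes[0]
```

Discard the stored state after one use so a replayed callback URL is rejected.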

Step 2: Obtain Bearer Token from the Token endpoint

...

Info

We will provide you with your own authentication realm. The value is used in the URL below.

{{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/token

...

All API calls should contain the access_token value in the Authorization HTTP Header.

e.g. Authorization: Bearer YOUR_ACCESS_TOKEN_VALUE

...

Info

The Authorization HTTP Header value is used to identify a specific user.

If you need to access the API in the context of a different user (e.g. access balances and transactions belonging to someone else), you need to authenticate this different user and use the access_token value specific to this user.

...

{{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/token

The following parameters should be included in the request body (as application/x-www-form-urlencoded):

| Parameter | Value | Note |
| --- | --- | --- |
| grant_type | refresh_token | |
| client_id | same value as client_id query parameter from step 1 | |
| refresh_token | value from “refresh_token” field on JSON response from step 2 | |

Info

Don't forget to include Content-Type: application/x-www-form-urlencoded in request headers.

Response: JSON object containing access_token and refresh_token.

...

The following parameters should be included in the request body (as application/x-www-form-urlencoded):

| Parameter | Value | Note |
| --- | --- | --- |
| client_id | same value as client_id query parameter from step 1 | |
| refresh_token | value from “refresh_token” field on JSON response from step 2 | |

Info

Don't forget to include Content-Type: application/x-www-form-urlencoded in request headers.

The logout request returns 204 if successful, or 400 with a JSON error response if not.

More information about the OpenID Connect endpoints is available here: {{everifin_idp_url}}/auth/realms/{{your_realm_value}}/.well-known/openid-configuration

...

We also support additional authentication mechanisms. These are not available to everyone by default but can be configured upon request.

...