Obtaining a PSU Token
Important notes:
- For the sandbox, the App Client Credentials are for the App created in the Developer Portal UI
- For Production, the App Client Credentials are for the App created by the Dynamic Client Registration Service
- The code_challenge should be SHA256(code_verifier) in hexadecimal bytes. Do not base64-encode the code_challenge
- The GET /authorize endpoint in the sandbox is https://api-sandbox.smbcdigital.com/sandboxauth/v1/authorize
- The GET /authorize endpoint in production is given in scaRedirect in the POST /consents response body
Step | Action | Sandbox Example | Production Example |
1 | Create a TPP Token |
Request curl --location --request POST 'https://api-sandbox.smbcdigital.com/oauth/v1/token Reseponse { |
Request curl --location --request POST 'https://api.smbcdigital.com/oauth/v1/token Reseponse { |
2 | Create a Consent Resource |
Request curl --location --request POST 'https://api-sandbox.smbcdigital.com/berlingroup/v1/consents' \ Response { |
Request
curl --location --request POST 'https://api.smbcdigital.com/berlingroup/v1/consents' \ Response { |
3 | Redirect to SMBC and back to TPP |
Nb: The GET /authorize link in the sandbox does not match the scaRedirect given in the mock response to POST /consents Nb: The code_challenge is SHA256(code_verifier) in hexadeximal bytes Request curl --location --request GET 'https://api-sandbox.smbcdigital.com/sandboxauth/v1/authorize Response Header Location: https://tppredirecturi.com?code=AOoHFOxc&state=123456 |
Nb: In the sandbox, the GET /authorize link does not start with ?requestId. Ensure to add OAuth2 parameters after this parameter. Nb: The code_challenge is SHA256(code_verifier) in hexadeximal bytes. Nb: All the query parameters included below are mandatory. Request curl --location --request GET 'https://www.smbcdigital.com/ezsign/get Response The user is presented with the SCA challenge. On successful or unsuccessful completion, the user is redirected back to the TPP. If given in the request, the state will be included:
|
4 | Create a PSU Token |
Request curl --location --request POST 'https://api-sandbox.smbcdigital.com/oauth/v1/token Response { |
Request curl --location --request POST 'https://api.smbcdigital.com/oauth/v1/token Response { |