Versions Compared

Version Old Version 5 New Version 6
Changes made by

Abdulrahman Balogun

Abdulrahman Balogun

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
curl -X POST "https://api.leatherback.com/api/v1/auth/generate-client-token" \
-H "Content-Type: application/json" \
-d '{
  "tppId": "your-unique-tpp-id",
  "clientSecret": "your-client-secret"
}'

Response:

Code Block
languagejson
{
  "clientToken": "generated-client-token",
  "expiresIn": 3600
}

Create Client Consent

After generating a client token, the next step is to create client consent. This step involves generating a consentId in our systems so we can tie consent requests to you as a TPP.

...

Request Body:

Code Block
languagejson
{
    "Data": {
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail"
        ],
        "ExpirationDateTime": "2020-12-02T00:00:00+00:00",
        "TransactionFromDateTime": "2020-09-03T00:00:00+00:00",
        "TransactionToDateTime": "2020-12-03T00:00:00+00:00"
    },
    "Risk": {}
}

Sample Request:

Code Block
curl -X POST "https://api.leatherback.com/api/v1/consent/create" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your-client-token" \
-d '{
    "Data": {
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail"
        ],
        "ExpirationDateTime": "2020-12-02T00:00:00+00:00",
        "TransactionFromDateTime": "2020-09-03T00:00:00+00:00",
        "TransactionToDateTime": "2020-12-03T00:00:00+00:00"
    },
    "Risk": {}
}'

Response:

Code Block
{
  "Data": {
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2020-11-05T16:07:46.506182Z",
    "CreationDateTime": "2020-11-05T16:07:46.506182Z",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00",
    "ExpirationDateTime": "2021-05-02T00:00:00+00:00",
    "Permissions": [
      "ReadAccountsBasic",
      "ReadAccountsDetail"
    ],
    "ConsentId": "d19ec758-22fd-4f34-9ad4-7437f8628987",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00"
  },
  "Risk": {},
  "Links": {
    "Self": "https://oba.revolut.com/account-access-consents"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Create JWT URL Parameters Token

After you create a consent, you need the user to authorize the consent so that you can access the data on their behalf. To facilitate this, you must create a JWT request parameter.

JWT Header:

Code Block
{
  "alg": "PS256",
  "kid": "<insert kid>"
}

JWT Body:

Code Block
{
  "response_type": "code id_token",
  "client_id": "<insert client_id>",
  "redirect_uri": "<insert redirect_uri>",
  "scope": "accounts",
  "claims": {
    "id_token": {
      "openbanking_intent_id": {
        "value": "<insert ConsentId>"
      }
    }
  }
}

Steps to Create JWT URL Parameters Token:

  1. Prepare the JWT Header:

    • Set the alg (algorithm) to PS256.

    • Insert your key ID (kid) into the header.

  2. Prepare the JWT Body:

    • Set the response_type to code id_token.

    • Insert your client_id which you received during registration.

    • Specify your redirect_uri.

      • This is a page on your platform where the authorized customer will be redirected back to continue the open banking process. The authorization code or token and some other parameters like state will be sent alongside the redirect.

    • Set the scope to accounts.

    • Include the openbanking_intent_id with the value of the generated ConsentId.

  3. Sign the JWT:

    • Sign the JWT using the private key of your signing certificate.

    • Ensure that the signature can be validated using the JWKs endpoint you specified during registration.