Customer Authorization

In this section, we'll guide you through the process of obtaining customer authorization via the Leatherback platform. This process involves redirecting your customers to the Leatherback Authorization App (Web, Android and iOS), where they will log in and grant the necessary permissions, followed by receiving the authorization response. Whether you are developing a web or mobile application, these steps will ensure a smooth and secure customer authorization experience.

Redirect to the Leatherback Authorization App

To initiate the authorization process, you need to redirect the user to the Leatherback Authorization App. This can be done via a web redirect from your end.

Web Redirect:

  • Construct the authorization URL with the required query parameters.

  • Redirect the user to this URL.

  • Sample URL format:

    https://app-leatherback-openbanking-dev.azurewebsites.net?request=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfaWQiOiJENDY0QzlENzg2Mjc0NDgzOUE1ODM4MjEzNzlERjI2MCIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vZGV2ZWxvcGVyLnJldm9sdXQuY29tIiwic2NvcGUiOiJhY2NvdW50IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJjYWxsYmFja191cmwiOiJodHRwczovL2RldmVsb3Blci5yZXZvbHV0LmNvbS8iLCJvcGVuYmFua2luZ19pbnRlbnRfaWQiOiI1OTE4OTA5MS01NDViLTQwZGUtOTNhMy00MTY2YzlhZTJkOTAiLCJuYmYiOjIwMjkyNzY4NTcsImV4cCI6MjAyOTI4MDQ1NywiaWF0IjoyMDI5Mjc2ODU3fQ.stK_t2vLV4PAejjjpRmy39a3wKAXVpyINadmGABTPAU&state=example_state

Mobile Redirect:

  • Use the device's web view to open the authorization URL (same as above).

  • Handle the redirect within the mobile application.

We handle the redirect to the customer’s web or mobile apps (Android or iOS) on our end so you do not have to worry about that. This is useful in cases where you mistakenly redirect from a mobile device to another browser and not the mobile app’s web view.

Login and Authorization

Once the user is redirected to the Leatherback Authorization App, they will be prompted to log in and authorize your application to access their account information.

  • Login Page:

    • Users enter their credentials to log in.

    • They may be asked to complete additional security steps (e.g., two-factor authentication).

  • Authorization Page:

    • Users review the permissions requested by your application.

    • Users grant or deny access by clicking the appropriate button.

After the user has logged in and granted authorization, you will receive an authorization response. This can be handled via a webhook and a direct redirect; you can receive the response whichever way you choose.

Webhook Scenario:

  • Leatherback sends a POST request to your webhook endpoint with the authorization details.

  • The webhook response will be in this format:

{
  "authorizationCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0ZSI6ImV4cGVjdF9zdGF0ZV92YWx1ZSJ9.FFm-dVtZkHsZSNGvH1K9li1DbMD1t8Cm0YW5ZEsOa_o",
  "state": "random_state_value"
}

Redirect Scenario:

  • The user is redirected back to your application with the authorization code and state as query parameters.

  • The redirect URL looks like this:

https://openbanking.tpp.com/open-banking-page?authorizationCode=<authorizationCode>&state=<state>
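An added example, not Leatherback's own code: one way to check the state returned in the webhook or redirect scenario above against the value you sent in the authorization URL, so that a code arriving with an unknown, expired or reused state is rejected. It assumes Leatherback returns your state unchanged; PendingStates, the function names and the 10-minute lifetime are hypothetical.

```python
import json
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending authorization


class PendingStates:
    """Hypothetical in-memory store of state values issued before the redirect."""
    def __init__(self):
        self._expiry = {}  # state -> expiry timestamp

    def issue(self, now=None):
        now = time.time() if now is None else now
        state = secrets.token_urlsafe(32)  # unguessable, URL-safe
        self._expiry[state] = now + STATE_TTL_SECONDS
        return state

    def consume(self, state, now=None):
        """True only the first time a known, unexpired state is presented."""
        now = time.time() if now is None else now
        expiry = self._expiry.pop(state, None)  # single use: removed on lookup
        return expiry is not None and now <= expiry


def _accept(code, state, pending, now):
    if not (isinstance(code, str) and code and isinstance(state, str) and state):
        raise ValueError("missing authorizationCode or state")
    if not pending.consume(state, now):
        raise ValueError("unknown, expired or replayed state")
    return code


def code_from_redirect(url, pending, now=None):
    """Redirect scenario: read authorizationCode and state from the query string."""
    query = parse_qs(urlsplit(url).query)
    codes, states = query.get("authorizationCode", []), query.get("state", [])
    if len(codes) != 1 or len(states) != 1:  # absent, empty or duplicated
        raise ValueError("authorizationCode and state must each appear once")
    return _accept(codes[0], states[0], pending, now)


def code_from_webhook(body, pending, now=None):
    """Webhook scenario: read the same two fields from the JSON body."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("webhook body must be a JSON object")
    return _accept(data.get("authorizationCode"), data.get("state"), pending, now)
```

A state is consumed on first use, so if both the webhook and the redirect arrive for one authorization, act on only one of them.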

 


Leatherback 2024