PSD2 OAuth2 Sandbox
Overview
The OAuth2 API enables a third-party application to obtain secure access to La Banque Postale's APIs.
Whether you are an AISP, a CBPII or a PISP, you will need to retrieve an access token to be able to request our Sandbox endpoints.
The Sandbox allows you to run a full end-to-end test before going into Production, including:
- Test the integration of your application with our OAuth API
- Understand the authentication flows of the user journey
- Validate the exchange flows between TPP and La Banque Postale
Once Sandbox tests are validated, you can switch to the live APIs.
Functional details
This API relies on the OAuth 2.0 Authorization Framework defined in RFC 6749.
Use Cases
Different authorization grants can be used, depending on the TPP's role and the use case.
- Get an access token to request AISP or CBPII APIs, following the OAuth 2.0 Authorization Code Grant procedure
- Refresh an access token to request AISP or CBPII APIs
- Get an access token to request PISP API, following the OAuth 2.0 Client Credentials Grant procedure
La Banque Postale does not support the refresh token procedure.
Access tokens issued by La Banque Postale for the AISP or CBPII scope have a 90-day lifetime. After 90 days, the TPP must start a new enrolment procedure with the consent of the customer (PSU).
Technical details
Endpoints: https://sandbox.labanquepostale.com
Responses returned by the Sandbox API use the Production format.
The redirect_uri parameter must be URL-encoded and must match the one stored during the APP Register process.
When you use an expired token, you get a 401 - unauthorized error. You must then start a new enrolment procedure with the consent of the customer (PSU).
Prerequisites
- An APP has been created through our Dynamic Client Registration API (client_id / client_secret)
- The APP has subscribed to the targeted API Product on https://developer.labanquepostale.com
- The Authorization Basic credentials are composed of your APP client_id and client_secret, Base64-encoded
Examples
- Authorization code grant for AISP and CBPII
GET /authorize
Query string parameters:
response_type=code&client_id=abh007d2-345c-4asf-8196-fb4kiob2047b&redirect_uri=https%3A%2F%2FmyTPP-App.fr%2Fdsp2%2Fcallback&scope=aisp&state=data_for_TPP_use
- Access token request for AISP and CBPII
POST /token
Headers:
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWFjNBH3ZDItMzC4Yy00ZGJmLTgxNzYtYks3X0QxZ3Y08xZkg5alI0c0ozaEs2bkY4eUIx
Body:
grant_type=authorization_code&scope=aisp&redirect_uri=https%3A%2F%2FmyTPP-App.fr%2Fdsp2%2Fcallback&code=AAJ542fS7FQieera-PouA1tuGbRG1VaGq_YIiIJF3bOIl9sidP0HEr2zpQpAsGho6ILV2w_-Q
- Access token request for PISP
POST /token
Headers:
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWFjNBH3ZDItMzC4Yy00ZGJmLTgxNzYtYks3X0QxZ3Y08xZkg5alI0c0ozaEs2bkY4eUIx
Body:
grant_type=client_credentials&scope=pisp
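
The AISP/CBPII exchange above, from the TPP side, as an added Python example (not La Banque Postale's code). It builds the /authorize URL with a URL-encoded redirect_uri, then checks the callback's state and redirect_uri before building the POST /token request. It assumes the Basic credentials take the standard HTTP Basic form "client_id:client_secret" and uses a random per-session state; the function names are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

SANDBOX = "https://sandbox.labanquepostale.com"  # endpoint given on the page


def basic_credentials(client_id, client_secret):
    # Assumption: standard HTTP Basic form, Base64("client_id:client_secret").
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")


def authorize_url(client_id, redirect_uri, scope):
    # A fresh random state per attempt; store it in the PSU's session.
    state = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state})  # urlencode percent-encodes redirect_uri
    return f"{SANDBOX}/authorize?{query}", state


def token_request(callback_url, expected_state, redirect_uri,
                  client_id, client_secret, scope):
    # Validate the callback before spending the code at POST /token.
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("callback is not the registered redirect_uri")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": basic_credentials(client_id, client_secret)}
    body = urlencode({"grant_type": "authorization_code", "scope": scope,
                      "redirect_uri": redirect_uri, "code": params["code"][0]})
    return headers, body
```

Keep the client_secret and the resulting Authorization header out of logs and client-side code; the header is only encoded, not encrypted.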