{"title":"Get account holder consent","category":"default","creationDate":1776961628,"content":"<p>Adyen uses <a href=\"https:\/\/oauth.net\/2\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">OAuth 2.0<\/a>, an open standard for authorization, to allow third-party applications to get an account holder's explicit consent to access their account data. This page explains how to get an account holder's consent to access their Adyen business account information.<\/p>\n<h2>Requirements<\/h2>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">Not applicable; this documentation is intended for third-party providers.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Setup steps<\/strong><\/td>\n<td style=\"text-align: left;\">Before you begin, you must complete the <a href=\"\/pt\/business-accounts\/open-banking#onboard-with-adyen\">Adyen onboarding steps<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How it works<\/h2>\n<p>Here is how the OAuth flow works with Adyen open banking:<\/p>\n<ul>\n<li>In your client app, the account holder selects to give access to their payment data with Adyen.<\/li>\n<li>Your client app <a href=\"#redirect-account-holder-for-authentication\">redirects the account holder<\/a> to Adyen's authentication interface so they can authenticate and give their consent to access their account data. Depending on the consent they give, you can check their account details, view the balance on their account, or initiate a payment.<\/li>\n<li>Adyen generates an authorization code and returns it to your client app through the redirect URL.<\/li>\n<li>Your server uses the authorization code to <a href=\"#get-an-access-token\">get an access token<\/a>. 
The access token is needed for two things:\n<ul>\n<li>To authenticate open banking requests to Adyen for this account holder.<\/li>\n<li>To get the account holder's consent ID, which is needed to get their account details.<\/li>\n<\/ul><\/li>\n<li>Your server uses the access token to <a href=\"#create-a-consent\">create a consent<\/a> and get a <code>consentId<\/code>.<\/li>\n<\/ul>\n<p>After you get the access token and the <code>consentId<\/code>, you can make requests to Adyen open banking APIs to retrieve the account holder's Adyen business account details.<\/p>\n<h2>Implement Adyen connect button<\/h2>\n<p>In your app or on your website, implement a <strong>Connect with Adyen<\/strong> button. This button sends a GET <code>\/bankoauth\/authorize<\/code> request to your server, which redirects the account holder to an Adyen dialog for authentication and consent. Use the URL from the next step to get the account holder's consent.<\/p>\n<h2>Redirect account holder for authentication<\/h2>\n<p>To redirect the account holder so they can authenticate and give consent:<\/p>\n<ol>\n<li>\n<p>Make a GET <code>\/bankoauth\/authorize<\/code> request with the following query parameters:<\/p>\n<p><div class=\"sc-notice info\"><div> Note that this request does not require any type of authorization.<\/div><\/div><\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>client_id<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Identifies the client (your app) making the request. 
This should match the QWAC certificate\u2019s organization identifier.<\/td>\n<\/tr>\n<tr>\n<td><code>response_type<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Specifies the response type expected from the authorization server. Set to <strong>code<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>redirect_uri<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Specifies the URI to which the authorization server redirects the user after authentication and consent.<\/td>\n<\/tr>\n<tr>\n<td><code>scope<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Defines the requested permissions or access levels that the client is seeking. It specifies the scope of the resources or actions the client intends to access on behalf of the user. 
Multiple scopes can be requested, separated by spaces.<br>Possible values: <strong>bank.aisp:read<\/strong>, <strong>bank.pisp:write<\/strong>, and <strong>bank.cof:read<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>code_challenge_method<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Set to <strong>S256<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>code_challenge<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>SHA256 hash of the <code>code_verifier<\/code> to be provided when <a href=\"#get-an-access-token\">getting the access token<\/a> in the next step. The code_verifier is a random string generated by the third-party provider.<\/td>\n<\/tr>\n<tr>\n<td><code>state<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>A string generated by the client, which is included in the request and returned by the authorization server. 
It helps maintain the integrity of the authorization flow by preventing CSRF attacks.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>By including these parameters, the authorization server can properly authenticate the account holder.<\/p>\n<p>Here is an example of a GET request:<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Get authentication instructions for the account holder'\" :id=\"''\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;curl  'https:\\\/\\\/balanceplatform-test.adyen.com\\\/bankoauth\\\/authorize?client_id={CLIENT_ID}&amp;code_challenge_method=S256&amp;code_challenge={CODE_CHALLENGE}&amp;response_type=code&amp;redirect_uri={REDIRECT_URI}&amp;state={STATE}&amp;scope={SCOPE}'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>Embed the HTML code that you receive in the response into your app or website so the account holder can authenticate with their Adyen business account.<\/p>\n<\/li>\n<li>\n<p>After the account holder has authenticated, get the <code>code<\/code> that is sent back to your client's <code>redirect_uri<\/code>. You need this code in the next step, to get an access token. This redirect will include the following query parameters in the URL.<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>code<\/code><\/td>\n<td>The authorization code used to <a href=\"#get-an-access-token\">exchange for an access token<\/a>. 
The <code>code<\/code> is short-lived and expires in five minutes.<\/td>\n<\/tr>\n<tr>\n<td><code>state<\/code><\/td>\n<td>The same value as in the initial redirect URL.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>An example of a redirect URL may look like this:<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Redirect URL with authorization code'\" :id=\"''\" :code-data='[{\"language\":\"bash\",\"tabTitle\":\"\",\"content\":\"https:\\\/\\\/{redirect_uri}?code={code}&amp;state={state}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<\/ol>\n<h2>Get an access token<\/h2>\n<p>To exchange the authorization code from the previous step for an access token:<\/p>\n<ol>\n<li>\n<p>From the server, make a POST <code>\/token<\/code> request with the following parameters in the request body:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>grant_type<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Set to <strong>authorization_code<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>code<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The authorization code provided in the redirect URL.<\/td>\n<\/tr>\n<tr>\n<td><code>code_verifier<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The code verifier.<\/td>\n<\/tr>\n<tr>\n<td><code>redirect_uri<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" 
alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The redirect URI for your client.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Authentication type<\/strong>: use <code>client_id<\/code> and <code>client_secret<\/code> for basic authentication.<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Get access token'\" :id=\"''\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;curl 'https:\\\/\\\/oauth-test.adyen.com\\\/v1\\\/token' \\\\\\n--header 'Authorization: Basic {BASE64(client_id:client_secret)}' \\\\\\n--header 'Content-Type: application\\\/x-www-form-urlencoded' \\\\\\n--data-urlencode 'grant_type=authorization_code' \\\\\\n--data-urlencode 'code={CODE}' \\\\\\n--data-urlencode 'code_verifier={CODE_VERIFIER}' \\\\\\n--data-urlencode 'redirect_uri={REDIRECT_URI}'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>From the response, save the <code>access_token<\/code> and the <code>refresh_token<\/code>. You need the <code>access_token<\/code> in the next step, to get a <code>consentId<\/code>. The response contains the following fields:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>token_type<\/code><\/td>\n<td>The token type: <strong>bearer<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>expires_in<\/code><\/td>\n<td>The expiry of the access token, in seconds. By default, 24 hours.<\/td>\n<\/tr>\n<tr>\n<td><code>access_token<\/code><\/td>\n<td>The access token which can be used to access the open banking APIs.<\/td>\n<\/tr>\n<tr>\n<td><code>scope<\/code><\/td>\n<td>The scope for the <code>access_token<\/code>. 
Multiple scopes are possible, separated by spaces.<\/td>\n<\/tr>\n<tr>\n<td><code>refresh_token<\/code><\/td>\n<td>The OAuth refresh token that you can use to get new access tokens with the same scope. The refresh token expires as soon as it is used, providing a new access token and a new refresh token. A refresh token is one-time-use.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Response'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n    \\\"token_type\\\": \\\"bearer\\\",\\n    \\\"expires_in\\\": 86400,\\n    \\\"access_token\\\": \\\"oa_tzNbAuwtPQEogej95u5RH7sbYQ6ugQ2PQ5tp4IkuOqgI0iM\\\",\\n    \\\"scope\\\": \\\"bank.aisp:read bank.pisp:write\\\",\\n    \\\"accounts\\\": [\\n        \\\"NL57INGB4654188101\\\"\\n    ],\\n    \\\"refresh_token\\\": \\\"oa_6sL3R9KDN8zzC5XQ2WhtKr1AxXy0gvikcPo9i1CO6APU0PK\\\"\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<div class=\"notices green\">\n<p>If you lose the refresh token, there is no way to recover the granted access. You will need to <a href=\"#redirect-account-holder-for-authentication\">redirect the account holder for authentication<\/a> again.<\/p>\n<\/div>\n<\/li>\n<\/ol>\n<h2>Create a consent<\/h2>\n<p>To create a new consent, use the access token to get a <code>consentId<\/code>. This <code>consentId<\/code> is needed to get the account details for the account holder. This consent needs to be approved by the account holder to continue.<\/p>\n<ol>\n<li>\n<p>Make a POST <code>\/consents<\/code> request with the following parameters in the request body. 
The request header includes the <code>TPP-Signature-Certificate: QSEALCertificate<\/code>, which is the full eIDAS certificate encoded in Base64 format.<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>access<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The type of access requested. Set <code>allPsd2<\/code> to <strong>allAccounts<\/strong>. This means you are requesting access to all of the user's accounts with Adyen.<\/td>\n<\/tr>\n<tr>\n<td><code>recurringIndicator<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Indicates that the consent is being requested for recurring access to the user's account information or payment initiation.<\/td>\n<\/tr>\n<tr>\n<td><code>validUntil<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Specifies the consent's validity end date in YYYY-MM-DD (ISO format). Maximum 90-day duration and 10 uses per day. 
Consent expires after this date.<\/td>\n<\/tr>\n<tr>\n<td><code>frequencyPerDay<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Indicates the maximum number of times per day that you are allowed to access the user's account information or initiate payments.<\/td>\n<\/tr>\n<tr>\n<td><code>combinedServiceIndicator<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Indicates whether you are requesting access to the user's account information or payment initiation services individually or as a combined service.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Create a new consent'\" :id=\"''\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;curl  'https:\\\/\\\/openbanking-psd2-test.adyen.com\\\/obeu\\\/consent\\\/v1\\\/consents' \\\\\\n--header 'X-Request-ID: {your-request-id}' \\\\\\n--header 'TPP-Signature-Certificate: QSEALCertificate' \\\\\\n--header 'Content-Type: application\\\/json' \\\\\\n--header 'Authorization: Bearer {access-token}' \\\\\\n--data '{\\n    \\&quot;access\\&quot; : {\\n        \\&quot;allPsd2\\&quot;: \\&quot;allAccounts\\&quot;\\n    },\\n    \\&quot;recurringIndicator\\&quot;: true,\\n    \\&quot;validUntil\\&quot;: \\&quot;2025-12-31\\&quot;,\\n    \\&quot;frequencyPerDay\\&quot;: 10,\\n    \\&quot;combinedServiceIndicator\\&quot;: false\\n}'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>The response contains the <code>consentStatus<\/code>, <code>consentId<\/code>, and links to requested resources. 
From the response, save the <code>consentId<\/code>; you need it for the Adyen open banking requests to get the account details for this account holder. You can continue to poll the endpoint until you receive an updated <code>consentStatus<\/code>.<\/p>\n<ul>\n<li>If you want to get information about consent authorization and to determine where your account holder is in the authentication flow, you will need the <code>authorization-id-consent<\/code>. This is the last set of characters at the end of the <code>scaStatus<\/code> link below. Save this <code>authorization-id-consent<\/code> to use when you <a href=\"\/pt\/business-accounts\/consent#check-the-authorization-status-of-an-account-holders-consent\">get authorization information<\/a>.<\/li>\n<\/ul>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Response'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n  \\\"consentStatus\\\": \\\"received\\\",\\n  \\\"consentId\\\": \\\"09289d2e-83ae-4a61-8452-ac23cf0055de\\\",\\n  \\\"_links\\\": {\\n      \\\"self\\\": {\\n          \\\"href\\\": \\\"consent\\\/v1\\\/consents\\\/09289d2e-83ae-4a61-8452-ac23cf0055de\\\"\\n      },\\n      \\\"status\\\": {\\n          \\\"href\\\": \\\"consent\\\/v1\\\/consents\\\/09289d2e-83ae-4a61-8452-ac23cf0055de\\\/status\\\"\\n      },\\n      \\\"scaStatus\\\": {\\n          \\\"href\\\": \\\"consent\\\/v1\\\/consents\\\/09289d2e-83ae-4a61-8452-ac23cf0055de\\\/authorisations\\\/OBAU4222Z223222P5J6FP7BDG34LW3\\\"\\n      }\\n  }\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<\/ol>\n<h2>Refresh an access token<\/h2>\n<p>Because the access token is short-lived, a new access token has to be requested regularly to continue using open banking APIs. To find your original refresh token, see the response from <a href=\"#get-an-access-token\">get an access token<\/a>. 
To refresh an access token:<\/p>\n<ol>\n<li>\n<p>Make a POST request to the <code>\/token<\/code> endpoint. Provide the following parameters in the request body:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>grant_type<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Set to <strong>refresh_token<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>refresh_token<\/code><\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>The refresh token.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Authentication type<\/strong>: use <code>client_id<\/code> and <code>client_secret<\/code> for basic authentication.<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Refresh access token'\" :id=\"''\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;curl --request POST 'https:\\\/\\\/oauth-test.adyen.com\\\/v1\\\/token' \\\\\\n--header 'Authorization: Basic {BASE64(client_id:client_secret)}' \\\\\\n--header 'Content-Type: application\\\/x-www-form-urlencoded' \\\\\\n--data-urlencode 'grant_type=refresh_token' \\\\\\n--data-urlencode 'refresh_token={REFRESH_TOKEN}'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>From the response, save the new <code>access_token<\/code> and <code>refresh_token<\/code>. 
The response contains the following fields:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>token_type<\/code><\/td>\n<td>The token type: <strong>bearer<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td><code>expires_in<\/code><\/td>\n<td>The expiry of the access token, in seconds. By default, 24 hours.<\/td>\n<\/tr>\n<tr>\n<td><code>access_token<\/code><\/td>\n<td>The access token which can be used to access the open banking APIs.<\/td>\n<\/tr>\n<tr>\n<td><code>refresh_token<\/code><\/td>\n<td>The OAuth refresh token that you can use to get new access tokens with the same scope. The refresh token has an unlimited validity but it expires with a short grace period when the refresh token is used to renew the access token. A refresh token is one-time-use.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<pre><code class=\"language-json\">{\n   \"token_type\": \"bearer\",\n   \"expires_in\": 86400,\n   \"access_token\": \"oa_Elnme5TE0FH0v8qXEAQ56ME0Zxp0s1ETtGizd07mEY0MTh1\",\n   \"refresh_token\": \"oa_T7ZKiG5HsdTBAstDksw4WslQhbQQr0CwfSom90NkSV9w8zB\"\n}<\/code><\/pre>\n<\/li>\n<\/ol>","url":"https:\/\/docs.adyen.com\/pt\/business-accounts\/oauth-flow","articleFields":{"description":"Learn how to get an access and refresh token.","feedback_component":true,"id":"31504141","type":"page","_expandable":{"operations":""},"status":"current","next_steps":[{"title":"Consent interface","description":"Learn how to manage user consents with our dedicated endpoints.","url":"\/business-accounts\/consent","required":true},{"title":"AISP interface","description":"Learn how to consume our dedicated AISP endpoints.","url":"\/business-accounts\/aisp","required":false},{"title":"PISP interface","description":"Learn how to consume our dedicated PISP endpoints.","url":"\/business-accounts\/pisp","required":false},{"title":"PIISP interface","description":"Learn how to consume our dedicated PIISP 
endpoints.","url":"\/business-accounts\/piisp","required":false}],"parameters":{"directoryPath":"\/business-accounts","model":"balance platform"}},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/business-accounts\/oauth-flow","title":"Get account holder consent","content":"","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Business accounts","lvl2":"Get account holder consent"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/business-accounts","lvl2":"\/pt\/business-accounts\/oauth-flow"},"levels":3,"category":"","category_color":"","tags":["account","holder","consent"]}}
