Consent API
Obtain the tokens necessary to call the PSD2 APIs
Introduction
Security# Summary A list of Security APIs available for PSD2 services.
- Consumes
-
- application/x-www-form-urlencoded
- Produces
-
- application/json
Hosts
You can use the production host when you want to go live:
psd2.b2b.belfius.be:8443
psd2.b2b.banx.be:8443
Click the button below to download the open API specification.
DownloadExample screen
Navigate to an endpoint to see sample code
Get consent uris.
Fetch the possible uris in order to start the consent flow for AIS. TPPs will first have to do a GET /consent-uris and a POST /token before being able to call the effective AIS APIs. If the matching language is provided [via Accept-Language header], corresponding consent-uri would be returned. In the absence of valid language, all of the available consent-uri's for this client would be returned, which means client himself has to choose the appropriate consent-uri for its type of device in order to start the actual flow.
Parameters
Request-ID Header required string
ID of the request, unique to the call, as determined by the initiating party. It has to be a valid UUID in V04 format.
example:
"99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
Accept Header required string
It must be of type application/json including version number. [Accept:application/vnd.belfius.api+json; version=4].
example:
"application/vnd.belfius.api+json; version=4"
Accept-Language Header required string
Accept-Language header field sent by the Client terminal. It can include language in ISO 639-1 format [example-:fr]. Note that during redirection, Belfius screens are only available in French (fr) and in Dutch (nl).
example:
"fr"
Redirect-URI Header required string
Redirect-URI of the client.
example:
"https://www.clientapp.com/someurrl"
Client-ID Header required string
Client ID of registered TPP.
example:
"XXXYYYYXXZZZWWWWW"
Code-Challenge-Method Header required string
PKCE code-challenge-method as per RFC https://tools.ietf.org/html/rfc7636.
Code-Challenge Header required string
PKCE code-challenge as per RFC https://tools.ietf.org/html/rfc7636.
scope Query required string
The scope may only be AIS.
example:
"AIS"
Response
[
{
"language": "fr",
"consent_uri": "https://www.belfius.be/common/fr/fw/generic/launcher.html?appkey=APP_KEY&apptoken=rdger6e5325drte563"
}
]
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Request example
Response example
[
{
"language": "fr",
"consent_uri": "https://www.belfius.be/common/fr/fw/generic/launcher.html?appkey=APP_KEY&apptoken=rdger6e5325drte563"
}
]
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
Get security token
Token endpoint provides the possibility to get an access-token, optional logical_id, SCA_token and optionally refresh_token based on grant_type. The refresh_token can be used to get a new access_token and refresh_token. It reacts based on grant_type which can be 'authorization_code' or 'refresh_token'. Please note that we do not support header transfer-encoding: chuncked.
Parameters
Authorization Header required string
Passing client_id and client_secret as an HTTP Basic authorization header with Base64 encoding.
Request-ID Header required string
ID of the request, unique to the call, as determined by the initiating party. It has to be a valid UUID in V04 format.
example:
"99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
Accept Header required string
It must be of type application/json including version number. [Accept:application/vnd.belfius.api+json; version=3].
example:
"application/vnd.belfius.api+json; version=3"
Content-Type Header required string
It should be application/x-www-form-urlencoded.
example:
"application/x-www-form-urlencoded"
Request
Both payloads are valid requests, do not use them in the same request.
| Name | Type | Description | |
|---|---|---|---|
| AuthorizationCodeBasedTokenRequestPayload | object | The token request based on authorization_code grant type. | conditional |
| grant_type | string |
Grant type the client will use to get tokens.
|
required |
| code | string | authorization code received previously from authorization server. | required |
| redirect_uri | string | URI string used in redirect-based OAuth grants, such as authorization_code and implicit. Must be equal to the one provided during the authorization code / implicit request. | required |
| code_verifier | string | PKCE code verifier as per RFC https://tools.ietf.org/html/rfc7636. | required |
| RefreshTokenBasedTokenRequestPayload | object | The token request based on refresh_token grant type. | conditional |
| grant_type | string |
Grant type the client will use to get tokens.
|
required |
| refresh_token | string | Original refresh token provided by authorization server to the client at the time of authorization & consent. | required |
| scope | string | Optional. The scope of the access request. The requested scope MUST NOT include any scope not originally granted by the resource owner (although it can reduce that scope), and if omitted is treated as equal to the scope originally granted by the resource owner. | optional |
Response
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Headers
- Response-ID: Same as Request-ID, received in request.
example:
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
ErrorModel
-
Fixed-form error tokens mapping to specific errors.
example:
string
error (string)
-
Error specific code, could be used directly by consumer's software.
example:
string
error_code (string)
-
Full description of the error.
example:
string
error_description (string)
Request example
Response example
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
{
"error": "string",
"error_code": "string",
"error_description": "string"
}
