Consent API

Obtain the access token necessary to call the Account APIs

Introduction

These endpoints provide the possibility to bootstrap the consent flow [for AIS/CAF] and retrieve the tokens [for AIS/PIS/CAF].

Consumes
  • application/json
Produces
  • application/json

Hosts

You can use the production host when you want to go live:

https://psd2.b2b.belfius.be:8443

Click the button below to download the open API specification.

Download

Example screen

Navigate to an endpoint to see sample code


Get consent uris.

Fetch the possible uris in order to start the consent flow for AIS/CAF. TPPs will first have to do a GET /consent-uris and a POST /token before being able to call the effective AIS/CAF APIs. If the matching language is provided [via Accept-Language header], corresponding consent-uri would be returned. In the absence of valid language, all of the available consent-uri's for this client would be returned, which means client himself has to choose the appropriate consent-uri for it's type of device in order to start the actual flow.


Parameters

Response

[
  {
    "language": "fr",
    "consent_uri": "https://www.belfius.be/common/fr/fw/generic/launcher.html?appkey=APP_KEY&apptoken=rdger6e5325drte5635trwe45rew5wr345we5"
  }
]
Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Get /consent-uris

Request example

There is no example request provided

Response example

[
  {
    "language": "fr",
    "consent_uri": "https://www.belfius.be/common/fr/fw/generic/launcher.html?appkey=APP_KEY&apptoken=rdger6e5325drte5635trwe45rew5wr345we5"
  }
]
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}

Based on grant_type, issues access/refresh tokens.

Token endpoint provides the possibility to get an access-token +optionally refresh token, as well as to get a refresh token which could be used to get a new access-token. It reacts based on grant_type which can be 'authorization_code' or 'refresh_token'.


Request

Both payloads are valid requests, do not use them in the same request.

Name Type Description
grant_type string Grant types the client will use to get tokens.
  • authorization_code
  • refresh_token
code string authorzation code received perviously from authorization server.
redirect_uri string URI string used in redirect-based OAuth grants, such as authorization_code and implicit. Must be equal to the one provided during the authorization code / implicit request.
code_verifier string PKCE code verifier as per RFC https://tools.ietf.org/html/rfc7636.
grant_type string Grant types the client will use to get tokens.
  • authorization_code
  • refresh_token
refresh_token string Original refresh token provided by authorization server to the client at the time of authorization & consent.
scope string Optional. The scope of the access request. The requested scope MUST NOT include any scope not originally granted by the resource owner (although it can reduce that scope), and if omitted is treated as equal to the scope originally granted by the resource owner

Parameters

Response

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "AIS",
  "logical_id": "aDfGzv3JOkF0XG5Qx2TlKRft"
}
Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Headers
  • Response-ID: Same as Request-ID passed in the request.

example:

{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
  • Fixed-form error tokens mapping to specific errors.

    example:

    string
    error (string)

  • Error specific code, could be used directly by consumer's software.

    example:

    string
    error_code (string)

  • Full description of the error.

    example:

    string
    error_description (string)

Post /token

Request example

{
  "grant_type": "authorization_code",
  "code": "25sdfsdfsd5345",
  "redirect_uri": "https://localhost:9000/callback",
  "code_verifier": "sfs353DRT345D"
}

Response example

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "AIS",
  "logical_id": "aDfGzv3JOkF0XG5Qx2TlKRft"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}
{
  "error": "string",
  "error_code": "string",
  "error_description": "string"
}