get familiar with tokens
- token types
- obtaining and renewing tokens
- API endpoint-token restricions
Using K&H’s APIs requires tokens in addition to the certificate referred to in the previous chapter. The tokens are passed as Authorisation Bearer tokens described in the http standard upon each API call; upon redirection to the K&H redirection screen for customer authentication, the token must be passed as an URL parameter.
There are two token types:
- application authentication tokens;
- and consent tokens.
For testing purposes and the proper usage of our sandbox the valid tokens can be generated on your side via the dedicated sandox token generator endpoint after the finalization of your registration.
Tokens expire and must be renewed after a certain time period. The TPP receives an error message if the token used is expired.
application authentication token
An application authentication token is used for the identification of the TPP’s application:
- when K&H’s API is used;
- upon redirection to the K&H redirection screen for customer authentication.
obtaining an application authentication token
Creating an application is necessary to use our APIs. An application authentication token can be obtained when the application is registered. For testing purposes application and other tokens to be used are generated for you after finalization of your registration.
renewing or regenerating an application authentication token
Use the unique application ID to request a new application authentication token through the relevant API, in case you your application authentication token has expired or receives “token unknown” as a response.
consent tokens
At least one token is connected to each consent. This token must be used for the operations requiring the consent. A consent token also identifies the application creating that consent; so if that token is used, it is not necessary to use the application authentication token as well.
obtaining a consent token
The response of the API used to query the consent status contains the consent token (the token field in the header) if the consent status is “valid”.
renewing or regenerating a consent token
A consent token is renewed in the same way that it is obtained because the API used to query the consent status creates a new token upon every call if the consent status is „valid”. This can be used in case your application authentication token has expired or receives “token unknown” as a response.
which kind of token you can use for which API endpoint
|
API endpoint |
TPP application authentication token |
PSU identification token |
Account balance token |
Transaction history token |
Funds confirmation token |
|---|---|---|---|---|---|
|
/v1/payments/payment-order POST |
x |
x |
|
|
|
|
/v1/payments/payment-order/{paymentId} GET |
|
x |
|
|
|
|
/v1/payments/payment-order/{paymentId}/status GET |
x |
x |
|
|
|
| /v1/payments/payment-order/{paymentId} DELETE | x | ||||
|
/v1/payments/payment-order/{paymentId}/authorisations POST |
x |
x |
|
|
|
|
/v1/payments/payment-order/{paymentId}/authorisations GET |
x |
x |
|
|
|
|
/v1/payments/payment-order/{paymentId}/authorisations/{authorisationId} PUT |
|
x |
|
|
|
|
/v1/payments/payment-order/{paymentId}/authorisations/{authorisationId} GET |
x |
x |
|
|
|
| /v1/bulk-payments/payment-order POST | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId} GET | x | ||||
| /v1/bulk-payments/payment-order/{paymentId}/status GET | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId} DELETE | x | ||||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations POST | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations GET | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations/{authorisationId} PUT | x | ||||
| /v1/bulk-payments/payment-order/{paymentId}/authorisations/{authorisationId} GET | x | x | |||
|
/v1/periodic-payments/standing-order POST |
x |
x |
|
|
|
|
/v1/periodic-payments/standing-order/{paymentId} GET |
|
x |
|
|
|
|
/v1/periodic-payments/standing-order/{paymentId}/status GET |
x |
x |
|
|
|
| /v1/periodic-payments/standing-order/{paymentId} DELETE | x | ||||
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations POST |
x |
x |
|
|
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations GET |
x |
x |
|
|
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations/{authorisationId} PUT |
|
x |
|
|
|
|
/v1/periodic-payments/standing-order/{paymentId}/authorisations/{authorisationId} GET |
x |
x |
|
|
|
| /v1/signing-baskets POST | x | x | |||
| /v1/signing-baskets/{basketId} GET | x | x | |||
| /v1/signing-baskets/{basketId} DELETE | x | x | |||
| /v1/signing-baskets/{basketId}/authorisations GET | x | x | |||
| /v1/signing-baskets/{basketId}/authorisations/{authorisationId} PUT | x | ||||
| /v1/signing-baskets/{basketId}/authorisations/{authorisationId} GET | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations POST | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations GET | x | x | |||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||||
| /v1/bulk-payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | x | |||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations POST | x | x | |||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations GET | x | x | |||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||||
| /v1/payments/payment-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | x | |||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations POST | x | x | |||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations GET | x | x | |||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations/{cancellationId} PUT | x | ||||
| /v1/periodic-payments/standing-order/{paymentId}/cancellation-authorisations/{cancellationId} GET | x | x | |||
|
/v1/accounts/{account-id} GET |
|
|
x |
x |
|
|
/v1/accounts/{account-id}/balances GET |
|
|
x |
|
|
|
/v1/accounts/{account-id}/transactions GET |
|
|
|
x |
|
|
/v1/accounts/{account-id}/transactions/download/{downloadid} GET |
|
|
|
x |
|
|
/v1/consents/ POST |
x |
x |
|
|
|
|
/v1/consents/{consentId} GET |
|
x |
|
|
|
|
/v1/consents/{consentId}/authorisations POST |
x |
x |
|
|
|
|
/v1/consents/{consentId}/authorisations GET |
x |
x |
|
|
|
|
/v1/consents/{consentId}/authorisations/{authorisationId} GET |
x |
x |
|
|
|
|
/v1/consents/{consentId}/authorisations/{authorisationId} PUT |
x |
x |
|
|
|
|
/v1/consents/{consentId}/status GET |
x |
x |
|
|
|
|
/v1/consents/{consentId} DELETE |
x |
x |
|
|
|
|
/v1/funds-confirmations POST |
|
|
|
|
x |
|
/v1/tpp/app POST |
|
|
|
|
|
|
/v1/tpp/contact PUT |
|
|
|
|
|
|
/v1/tpp/app/token POST |
|
|
|
|
|