Tutorial: Access Token - System User
This tutorial will walk you through obtaining an access token as a system user for MBanq APIs via OAuth 2.0. An access token is essential for making authenticated API calls. By the end of this guide, you'll have a clear understanding of the authentication process and how to log into the MBanq system. Let's begin!
API References for Endpoints in this tutorial:
When using the API, keep the following points in mind:
- OAuth 2: Authentication to the API is done using OAuth 2. You need to obtain an access token before making other API calls.
- OAuth 2 Client and Secret: For this tutorial, the OAuth 2 client is preset to "api" and the client secret is set as "secret". In the official release, you will have the ability to register and manage API clients from within the MBanq Console.
- Tenant ID: You must always include the ID of your banking instance in the request. The ID can be passed either as the tenantIdentifier parameter in the query string or as the tenantId in the request header.
- JSON: All data is sent and received in JSON format.
- HTTPS: Every request to the API must use HTTPS for secure communication.
Before you begin: Make sure you have created a banking instance in the MBanq Console and have the ID of your banking instance available.
Step 1: Obtain an Access Token
The first step is to obtain an access token by sending a POST request to the API's authentication endpoint. This request requires the ID of your banking instance to be included either in the query string or the request header.
Request
The request is defined in the Access Token API reference: https://apidocs.cloud.mbanq.com/reference/requestaccesstoken
This request fetches the access token needed for authentication.
Response
The response contains the access token and additional information.
Success:
{
"scope": "all",
"access_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImlzQWNjZXNzVG9rZW4iOnRydWUsImV4cCI6MTY4Nzc2OTcyMywidXNlcklkIjoxLCJpYXQiOjE2ODc3NjYxMjN9.IUpyNEk_MEiwj4kLOhKX0DQs-VpwKIP8U6ZCQLfLVLczmMG-oaeQPcTBHG1E9xP7gpLvbzZ6qRN_t1wv99aw-w",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImlzQWNjZXNzVG9rZW4iOmZhbHNlLCJleHAiOjE2ODc4NTI1MjMsInVzZXJJZCI6MSwiaWF0IjoxNjg3NzY2MTIzfQ.E14uThEFgigoe8d_g-PIDqhX3qmwoI-9NhjJ_kFKUDOTEx5luwfb9QeFB1nLqJi5DF43vJetP4kgHgfjyZSv4w",
"expires_in": 3600,
"required_password_reset": false,
"required_terms_and_conditions_check": false
}
scope: This parameter indicates the scope of the access token. In this case, "all" means that the token grants access to all the permissions available to the user.
access_token: This is the actual token that grants access to the API. It's a string that encodes various pieces of information, such as the user's identity and permissions. It's typically a JWT (JSON Web Token) and is used in the Authorization header of API requests to authenticate the user.
token_type: This parameter specifies the type of the token issued. In this case, it's a "bearer" token, which means the token should be included in the Authorization header with the prefix "Bearer" when making API requests.
refresh_token: This token is used to obtain a new access token without re-authenticating the user. It is also a JWT and has a longer lifespan than the access token. When the access token expires, the refresh token can be used to get a new one.
expires_in: This parameter indicates the number of seconds until the access token expires. In this example, the access token will expire in 3600 seconds (or 1 hour).
required_password_reset: This Boolean parameter indicates whether the user needs to reset their password. In this case, false means that a password reset is not required.
required_terms_and_conditions_check: This Boolean parameter indicates whether the user needs to accept the terms and conditions. In this case, false means that the user has already accepted the terms and conditions or that no such check is required.
Failure:
The request fails if you provide an incorrect ID (tenantId) of your banking instance.
{
"timestamp": "2023-06-26T08:01:34.126+00:00",
"status": 400,
"error": "Bad Request",
"path": "/oauth/token"
}
Step 2: Use the Token
Once you have obtained the access token, you can use it to authenticate your API requests against MBanq's Cloud API. The access token should be included in the request headers for all subsequent API calls.
By following these guidelines, you can effectively authenticate your requests and access the MBanq Cloud API to perform various banking operations.
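The following is an added example, not part of the MBanq documentation: a client-side helper that inspects the sample response from Step 1 before building the headers described in Step 2. It decodes the JWT payload without verifying the signature (the client does not hold the signing key), so it is for inspection only. The isAccessToken claim is read from the sample token on this page and is not a documented contract; the tenant value "demo-tenant" and the function names are assumptions.

```python
import base64
import json
import time

# Token response copied from the "Success" sample on this page (fields used here only).
SAMPLE_RESPONSE = {
    "scope": "all",
    "access_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImlzQWNjZXNzVG9rZW4iOnRydWUsImV4cCI6MTY4Nzc2OTcyMywidXNlcklkIjoxLCJpYXQiOjE2ODc3NjYxMjN9.IUpyNEk_MEiwj4kLOhKX0DQs-VpwKIP8U6ZCQLfLVLczmMG-oaeQPcTBHG1E9xP7gpLvbzZ6qRN_t1wv99aw-w",
    "token_type": "bearer",
    "refresh_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImlzQWNjZXNzVG9rZW4iOmZhbHNlLCJleHAiOjE2ODc4NTI1MjMsInVzZXJJZCI6MSwiaWF0IjoxNjg3NzY2MTIzfQ.E14uThEFgigoe8d_g-PIDqhX3qmwoI-9NhjJ_kFKUDOTEx5luwfb9QeFB1nLqJi5DF43vJetP4kgHgfjyZSv4w",
    "expires_in": 3600,
}

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def seconds_left(token, now=None, skew=30):
    """Seconds until the exp claim, minus a clock-skew margin (skew is an assumption)."""
    now = time.time() if now is None else now
    return jwt_claims(token)["exp"] - skew - now

def auth_headers(response, tenant_id, now=None):
    """Build request headers; refuse refresh tokens and expired access tokens."""
    if response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = response["access_token"]
    # The refresh token is also a JWT; the sample tokens differ in this claim.
    if jwt_claims(token).get("isAccessToken") is not True:
        raise ValueError("token is not an access token")
    if seconds_left(token, now) <= 0:
        raise ValueError("access token expired; obtain a new one with the refresh token")
    return {"Authorization": "Bearer " + token, "tenantId": tenant_id}

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_RESPONSE["access_token"])
    print("claims:", claims)
    # Evaluate at issue time, since the sample token from the page has long expired.
    headers = auth_headers(SAMPLE_RESPONSE, "demo-tenant", now=claims["iat"])
    print("header names:", sorted(headers))  # avoid printing the token itself
```

Keep both tokens out of logs and source control; the sample values are embedded here only because they are already published on this page.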