Dynamic Client Registration
This API supports the automated onboarding for data recipient applications, called Dynamic Client Registration (DCR). It follows OAuth specification RFC7951 with some limitations and other minor enhancements. A special DCR token will be issued upon initial data recipient approval. This token must be passed in the authorization header: Authorization: Bearer ${DCR token}
DCR requests must originate from a whitelisted IP address configured during the onboarding process.
Available Endpoints
| Endpoint | Description |
|---|---|
| POST /oauth2/v4/register | Creates and returns a new client. |
| GET /oauth2/v4/register/${client_id} | Returns information about the specified client. |
| PUT /oauth2/v4/register/${client_id} | Updates and returns information about the specified client. |
| DELETE /oauth2/v4/register/${client_id} | Deletes the specified client. |
Client Response Fields
| Field | Data Type | Description |
|---|---|---|
| categories | Array | An array of categories passed when creating the client. |
| client_id | String | The unique identifier for the client. Defined by the API. |
| client_id_issued_at | Integer | The date and time the client_id was issued, given in Unix time. |
| client_name | String | The human-readable name of the client. |
| client_secret | String | The client secret issued by the API. |
| client_secret_expires_at | Integer | The date and time at which the client secret expires, given in Unix time. 0 indicates the client secret doesn't expire. Defaults to 0. |
| grant_types | Array | The grant types issued to the client. |
| logo_uri | String | A URI pointing to a logo for the client application. |
| redirect_uris | Array | An array of redirect URIs. |
| software_id | String | The unique identifier for the client application. Defined by the data recipient when creating the client. |
Create a Client
Use this endpoint to create a new client. This endpoint expects a JSON object in the request body with the following attributes defined:
Parameters
| Name | Required? | Notes |
|---|---|---|
| categories | No | --- |
| client_name | Yes | --- |
| grant_type | Yes | Only authorization_code type supported; refresh_token is implied. |
| logo_uri | No | --- |
| redirect_uris | Yes | This array must contain only one URI. |
| scope | Yes | A space-separated list of customer data access rights desired for the client. This list must contain openid and may contain any subset of the available scopes: customers, accounts, transactions, statements. offline_access is implied and doesn't need to be provided. |
| software_id | Yes | --- |
Endpoint: POST /oauth2/v4/register
Invalid Scope Error
```
HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error":"invalid_client_metadata",
  "error_description":"Scope account is not a permitted scope"
}
```
Invalid DCR Token Error
```
HTTP/1.1 401 Unauthorized
```
Invalid Redirect URI Error
```
HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error":"invalid_redirect_uri",
  "error_description":"Validation failed: Redirect uri must use https"
}
```
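A client-side pre-flight check for the Create a Client request body, as an added example that is not part of the original documentation: it applies the parameter rules above and reports the error codes shown in the sample responses. The function name, the sample values, the error code used for missing fields, and the handling of offline_access and a list-valued grant_type are assumptions.

```python
from urllib.parse import urlsplit

# Rules come from the "Create a Client" parameter table on this page.
REQUIRED = ("client_name", "grant_type", "redirect_uris", "scope", "software_id")
META, URI = "invalid_client_metadata", "invalid_redirect_uri"  # codes shown above
# Assumption: offline_access is tolerated if sent, since the page calls it implied.
ALLOWED_SCOPES = {"openid", "customers", "accounts", "transactions",
                  "statements", "offline_access"}
# Constructed sample body; every value here is a placeholder.
SAMPLE = {"client_name": "Example Budget App", "grant_type": "authorization_code",
          "redirect_uris": ["https://app.example.com/callback"],
          "scope": "openid accounts transactions", "software_id": "example-app-001"}


def validate_registration(metadata):
    """Return (error, description) pairs; an empty list means the body passes."""
    problems = []
    for name in REQUIRED:
        if not metadata.get(name):
            # Assumption: the page shows no error body for a missing field.
            problems.append((META, f"{name} is required"))

    grant = metadata.get("grant_type")
    # Assumption: grant_type may be a string or a one-element list.
    if grant and grant not in ("authorization_code", ["authorization_code"]):
        problems.append((META, "only authorization_code is supported"))

    uris = metadata.get("redirect_uris")
    if uris:
        if not isinstance(uris, list) or len(uris) != 1:
            problems.append((URI, "redirect_uris must contain only one URI"))
        else:
            try:
                parts = urlsplit(str(uris[0]))
                ok = parts.scheme == "https" and bool(parts.netloc)
            except ValueError:  # malformed authority, e.g. an unclosed bracket
                ok = False
            if not ok:
                problems.append((URI, "Redirect uri must use https"))

    scope = metadata.get("scope")
    if scope:
        requested = scope.split() if isinstance(scope, str) else []
        if "openid" not in requested:
            problems.append((META, "scope must contain openid"))
        problems += [(META, f"Scope {s} is not a permitted scope")
                     for s in requested if s not in ALLOWED_SCOPES]
    return problems
```

Running this before sending the POST catches the two 400 cases without spending a request against the registration endpoint; the server's own validation remains authoritative.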
Read a Client
Use this endpoint to read the details of the specified client.
Endpoint: GET /oauth2/v4/register/{client_id}
Update a Client
Use this endpoint to update the attributes of the specified client.
No specific parameter is required, but the request body cannot be empty.
Parameters
| Name | Required? | Notes |
|---|---|---|
| categories | No | ------ |
| client_name | No | ------ |
| logo_uri | No | ------ |
| redirect_uris | No | ------ |
| software_id | No | ------ |
Endpoint: PUT /oauth2/v4/register/{client_id}
Delete a Client
Use this endpoint to delete the specified client.
Deleting a client will revoke all existing customer consents attached to the application.
This action cannot be undone.
Endpoint: DELETE /oauth2/v4/register/{client_id}