Description and Details
This API is used to exchange an authorization code for an access token in the AISP (Account Information Service Provider) flow. After the user completes authorization via the /authorize endpoint, the application calls this /token endpoint to securely obtain a bearer token. This token is then used to access the user’s account information on behalf of the third-party provider (TPP).
Endpoint
https://api-dev-isolution.xyz/aisp/token
VERB Method
POST
Request Headers Parameters
| Header Key | Value | Description |
|---|---|---|
| Content-Type | application/x-www-form-urlencoded | Required: Specifies body format |
| Accept | application/json | Response expected in JSON |
| Authorization | Basic {base64(client_id:client_secret)} | Required: Basic authentication header |
Body Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be "authorization_code" |
| code | string | Yes | The authorization code from /authorize step |
| redirect_uri | string | Yes | Same as used in the /authorize request |
| client_id | string | Yes | Client identifier issued to the app |
| client_secret | string | Yes | Secret assigned to the client |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| access_token | string | Bearer token for authenticated API access |
| token_type | string | Token type (usually "Bearer") |
| expires_in | integer | Time until token expiry (in seconds) |
| refresh_token | string | Token to obtain new access token |
| scope | string | Scopes granted with the token |
HTTP Codes
| Code | Meaning |
|---|---|
| 200 | OK – Token generated successfully |
| 400 | Bad Request – Missing or malformed parameters |
| 401 | Unauthorized – Invalid client credentials |
| 403 | Forbidden – Client lacks permission |
| 500 | Internal Server Error |