The APIs are protected by OAuth 2.0 Authentication. With OAuth 2.0, the Grant Type is used Client Credentials.
For the Client Credentials grant type, the flow is as follows:
1. Obtain OAuth 2.0 Client Credentials from the Garanti BBVA API Store via Manage Applications page
2. Request an access token from Garanti BBVA API Store Token Endpoint with the Client ID, Client Secret, Grant Type and Redirect URI
3. The access token is redirected to the specified URL as defined by the redirect_uri
Before your application can access the APIs, it must obtain a new access token for each request. The access token can be used only one time.
Access Token Query Parameters
|Client ID||Enter the ID assigned to the user from the Garanti BBVA API Store. This is the same as the API key generated on the Portal via “Adding New Applications”.|
|Client Secret||Enter the client secret assigned to the user from the Garanti BBVA API Store. This field is the same as the Key Secret.|
|Scope||Refer to the Garanti BBVA API Store for a list of available scopes and requirements. By default, the Scope to be set to OOB ( Out of Band)|
|Grant Type||The OAuth 2.0 method defines four base grant types. The Garanti BBVA API Store expects Client Credentials grant type|
|Redirect URI||The access token is redirected to this URI. This field must be same as Callback URL on the Portal via “Adding New Applications”.|
Getting Access Token
Access Token is required to call APIs. Obtaining access token to request token endpoint by making a POST request with the Client credentials grant type, Client ID, Client Secret and Redirect URI.
In order to get access token, developer has to create Rest Web Service that is going to get the access token which is sent by Garanti BBVA API Store asynchronously with POST request. Rest Web Service url has to be the same with the callback url you set in the Garanti BBVA API Store while you are creating the Applications.
Garanti BBVA API Store Token Endpoint :https://apis.garantibbva.com.tr/auth/oauth/v2/token