Authentication

API Plan Change From Sandbox To Production

After developing your applications and completing tests in sandbox environment, you will be ready to consume our APIs and open your services to Garanti BBVA Romania customers.

Follow the steps below and change your API Plan to Production from Sandbox.

Go to your “Applications” under “Dashboard” page.

Open your application via "Edit" button.

Go to “API Management” tab and make your request to change API Plan to Production.

And wait for the portal admins to approve your request!

You will be notified via e-mail when your plan is changed to Production.

Before start using our APIs in Production, please see below Dynamic Registration, Intent-ID Generation and Getting Access Token sections.

Dynamic Registration

Dynamic registration needs be performed only once before start using Garanti BBVA API Store, in order to get Client ID and Client Secret. Once these credentials are obtained, they should be declared in every API request.

API Profile

API Profile

Attribute

Value

Name Dynamic Registration
Version V1
Description Registration for Client Credentials
Pre-Conditions HTTP POST method is allowed.

Endpoint 

EndPoint

URI /register/v1
Base URL https://apis.garantibbva.ro:443

Request Header

Attribute

Type

Condition

Description

Content-Type String Mandatory application/json

Request Body

Attribute

Type

Condition

Description

redirect_uris Array of Strings Mandatory URIs TPPs will be redirected after access token generation and customer login
company_name String Mandatory TPP Name

Response Body

Attribute

Type

Condition

client_id String Mandatory
client_secret String Mandatory
 

Sample Request Header


     Media Type: application/json

Sample Request Body


    {
      “redirect_uris”: [  “https://www.TPPurl.com”,
                          ”https://tpp.application.ro/sso-ro”,
                          ”https://tpp.application.ro/sso-en”  ]
      “company_name”:”TPP Applications Inc”
    }

Sample Response


    {
      “client_id”: “bcSGpxk12srdo6Uams1H”, “client_secret”: “NAUY9Gz5aMeNuMzj5Zxc”
    }

Intent-ID Generation

“Establish Account Information Consent” and “Single Payment Initiation” APIs requires an Intent-ID in request header.

 

API Profile

API Profile

Attribute

Value

Name Intent-ID Generation
Version V1
Description Generation of Intent-ID for further API requests
Pre-Conditions HTTP GET method is allowed.

Endpoint 

EndPoint

URI /intent/v1
Base URL https://apis.garantibbva.ro:443

Request Header

Attribute

Type

Condition

Client-ID String Mandatory
Client-Secret String Mandatory

Response Body

Attribute

Type

Condition

Intent-ID UUID Mandatory
 

Sample Request Header


  Client-ID Aq3YıclWzsTggjiDp7XF
  Client-Secret SFwXRNb5dhllouoieORn

Sample Response


 {
   “Intent-ID”: “9204bbda-2a9b-4692-b0fe-d6628fffbaf6”
 }

Getting Access Token

Access Token is required to call APIs which requires “Authorization” attribute in request header and can be obtained from token endpoint by making a POST request with the Authorization Code grant type, Authorization Code, Client ID, Client Secret and Redirect URI.

In order to get access token, developer has to create Rest Web Service that is going to get the access token from Token API provided by Garanti BBVA API Store with POST request.

Garanti BBVA API Store Token Endpoint : https://apis.garantibbva.ro/token/v1

API Profile

API Profile

Attribute

Value

Name Access Token Generation
Version V1
Description Generation of Access Token in return of Authorization Code
Pre-Conditions HTTP POST method is allowed.

Endpoint 

EndPoint

URI /token/v1
Base URL https://apis.garantibbva.ro:443

Access Token Request Parameters

Client-ID Client ID assigned to the user via Dynamic Registration.
Client-Secret Client Secret assigned to the user via Dynamic Registration
Code Authorization Code that generated after customer login.
Grant-Type The OAuth 2.0 method defines four base grant types. The Garanti BBVA API Store expects Authorization Code grant type.
Redirect-URI The access token is redirected to this URI. Has to be one of the URLs declared in Dynamic Registration request.

Sample Request


  client_id=jf9uzXRwWOnBkUc48Ax5&client_secret=uAhihPSMCcjTlUJq0s09&code=GWtnDONbjOodtyc4yfcVfULgbQ9j8f&grant_type=authorization_code&redirect_uri=https://www.TPPurl.com

Sample Response


  {
    "access_token": "EkqAaG3SYmlTVvPeFDpQm"
  }