
This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details. The clients can use this information to construct a request to the OpenID server. The field names and values are defined in the OpenID Connect Discovery Specification.


curl -i \
 -X GET "/.well-known/openid-configuration/:provider_code"

Example of request

  "provider_code": "demobank"

Example of response

  "token_endpoint_auth_signing_alg_values_supported": [
  "issuer": "https://priora.saltedge.com",
  "authorization_endpoint": "https://connector.saltedge.com/demobank/authorize",
  "token_endpoint": "https://priora.saltedge.com/api/oidc/tokens",
  "registration_endpoint": "https://priora.saltedge.com/open_banking/v3.2/tpp/register",
  "service_documentation": "https://priora.saltedge.com/docs/open_banking",
  "jwks_uri": "https://priora.saltedge.com.oidc/demobank/jwks",
  "scopes_supported": [
  "response_types_supported": [
  "grant_types_supported": [
  "token_endpoint_auth_methods_supported": [
  "request_object_signing_alg_values_supported": [

GET /.well-known/openid-configuration/:provider_code

Request parameters
provider_code (path)
string, required
Human readable Provider identifier. Can raise: NotFound, Forbidden

Response parameters
issuer
string, required
Issuer identifier URL
authorization_endpoint
string, required
URL of the authorization server's authorization endpoint
token_endpoint
string, required
URL of the authorization server's token endpoint
registration_endpoint
string, required
URL of the authorization server's OAuth 2.0 Dynamic Client Registration Endpoint
service_documentation
string, required
URL of a page containing human-readable information that developers might want or need to know when using the authorization server
jwks_uri
string, required
URL of the authorization server's JWK Set document
scopes_supported
array, required
JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports. Allowed values: openid, accounts, payments, fundsconfirmations
response_types_supported
array, required
JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports. Allowed values: code
grant_types_supported
array, required
JSON array containing a list of the OAuth 2.0 "grant_type" values that this authorization server supports. Allowed values: client_credentials, authorization_code, refresh_token
token_endpoint_auth_methods_supported
array, required
JSON array containing a list of client authentication methods supported by this token endpoint. Allowed values: client_secret_basic, private_key_jwt
token_endpoint_auth_signing_alg_values_supported
array, required
JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint. Allowed values: RS256, PS256
request_object_signing_alg_values_supported
array, required
JSON array containing a list of the JWS signing algorithms supported by Salt Edge PSD2 Compliance Solution. Allowed values: RS256, PS256
Related Errors
Class Code Description
Forbidden 403 Specified resource is not allowed to perform an action.
NotFound 404 Specified resource doesn't exist or doesn't correspond.
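
A client should not trust a fetched discovery document blindly. The following added example (not Salt Edge's code) checks one against the documented allowed values, a pinned issuer and a host allowlist. Assumptions: `check_discovery`, `TRUSTED_HOSTS` and the list contents in `SAMPLE` are illustrative; the URLs in `SAMPLE` are copied from the example response above.

```python
from urllib.parse import urlsplit

# Allowed values exactly as documented in the parameter list above.
ALLOWED = {
    "scopes_supported": {"openid", "accounts", "payments", "fundsconfirmations"},
    "response_types_supported": {"code"},
    "grant_types_supported": {"client_credentials", "authorization_code", "refresh_token"},
    "token_endpoint_auth_methods_supported": {"client_secret_basic", "private_key_jwt"},
    "token_endpoint_auth_signing_alg_values_supported": {"RS256", "PS256"},
    "request_object_signing_alg_values_supported": {"RS256", "PS256"},
}
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "registration_endpoint", "service_documentation", "jwks_uri")

def check_discovery(doc, expected_issuer, trusted_hosts):
    """Return the problems found in a discovery document; an empty list means usable."""
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer: does not match the configured issuer")
    for field in URL_FIELDS:
        url = urlsplit(doc[field]) if isinstance(doc.get(field), str) else None
        if url is None:
            problems.append(f"{field}: missing")
        elif url.scheme != "https" or url.hostname not in trusted_hosts:
            problems.append(f"{field}: not https on a trusted host")
    for field, allowed in ALLOWED.items():
        values = doc.get(field)
        if not isinstance(values, list) or not values:
            problems.append(f"{field}: missing or empty")
        elif set(values) - allowed:
            problems.append(f"{field}: undocumented value(s) {sorted(set(values) - allowed)}")
    return problems

# Constructed sample: URLs as printed in the example response, list contents
# assumed (the example does not show them); "none" is planted on purpose.
SAMPLE = {
    "issuer": "https://priora.saltedge.com",
    "authorization_endpoint": "https://connector.saltedge.com/demobank/authorize",
    "token_endpoint": "https://priora.saltedge.com/api/oidc/tokens",
    "registration_endpoint": "https://priora.saltedge.com/open_banking/v3.2/tpp/register",
    "service_documentation": "https://priora.saltedge.com/docs/open_banking",
    "jwks_uri": "https://priora.saltedge.com.oidc/demobank/jwks",
    "scopes_supported": ["openid", "accounts"],
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "token_endpoint_auth_methods_supported": ["private_key_jwt"],
    "token_endpoint_auth_signing_alg_values_supported": ["PS256"],
    "request_object_signing_alg_values_supported": ["PS256", "none"],
}
TRUSTED_HOSTS = {"priora.saltedge.com", "connector.saltedge.com"}  # assumed allowlist
```

Run against `SAMPLE`, the check reports the `jwks_uri` value, whose host as printed is outside the allowlist, and the planted `none` algorithm.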


This URL returns a JSON object that represents a set of JWKs.


curl -i \
 -X GET "/api/oidc/:provider_code/jwks"

Example of request

  "provider_code": "demobank"

Example of response

  "keys": [
      "kty": "RSA",
      "use": "sig",
      "kid": "2f201e95d5aa1681a74c65949a48e851111cf623387fedc9a135369db823a57a",
      "e": "AQAB",
      "n": "qp0_0OInrcOqHCxyGOzn_XCo2G_JR3IrQA95ykx_31u_eJjV6cs01jDyeLXXJh-ZNYKuoRBhBebXbee-U89MPhKCT2vpXA5Cgi2r60FXztFpnhY1350xULOcHIo3rOSjQVxRIZ0MFKpPPdrftU2O8ogfksstec4z5K9v0C37BB6XZXRFdZxEhuITgwZBEyVmows01XKCz4bEfytAisftAhji7ufNpJNK6k75wN7_twHRxnw8hex8sJfYdY-lcBlJHqqRkAKo5v_pB0Iy0lqox-GaPJYxUHibgMbbFmTJPc0juuMtl5Xuhe3kijuyg1OqiswOoy-idHx215P8RChFqQ"

GET /api/oidc/:provider_code/jwks

Request parameters
provider_code (path)
string, required
Human readable Provider identifier.
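
Before a token signature is verified, the verifier has to pick the right key from this JWK Set and reject keys or algorithms it should never accept. The following added example (not Salt Edge's code) shows that selection step only; it does not verify the signature. Assumptions: all function names, the `kid` values and the moduli in `JWKS` are constructed placeholders, not real keys.

```python
import base64
import json

ALLOWED_ALGS = {"RS256", "PS256"}  # signing algorithms this page documents

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def select_signing_key(jwks, token, min_bits=2048):
    """Return (n, e) of the key named by the JWT header; raise ValueError if unusable."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"alg {header.get('alg')!r} is not allowed")
    kid = header.get("kid")
    matches = [k for k in jwks.get("keys", []) if kid and k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError("kid must match exactly one key in the JWKS")
    key = matches[0]
    if key.get("kty") != "RSA" or key.get("use") != "sig":
        raise ValueError("key is not an RSA signing key")
    n = int.from_bytes(b64url_decode(key.get("n", "")), "big")
    e = int.from_bytes(b64url_decode(key.get("e", "")), "big")
    if n.bit_length() < min_bits or e < 3 or e % 2 == 0:
        raise ValueError("RSA parameters are too weak")
    return n, e

def make_token(header):
    """Constructed token skeleton (dummy signature), enough to exercise key selection."""
    return b64url_encode(json.dumps(header).encode()) + ".e30.c2ln"

def rsa_jwk(kid, bits, use="sig"):
    """Constructed JWK: the modulus is a placeholder of the right size, not a real key."""
    n = (1 << (bits - 1)) | 1
    return {"kty": "RSA", "use": use, "kid": kid, "e": "AQAB",
            "n": b64url_encode(n.to_bytes(bits // 8, "big"))}

# Constructed key set: one acceptable key, one too short, one not meant for signing.
JWKS = {"keys": [rsa_jwk("current", 2048), rsa_jwk("legacy", 1024),
                 rsa_jwk("enc-key", 2048, use="enc")]}
```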

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).


curl -i \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -H "Authorization: Basic bFZNaHFFakdET1ZrMnNnOV9JNDN1Zzp3a0JoME9TSlJ1R2QycFIxUV9vMEdhTUhNV21GU3J3QXBBSGFjSEdLaW2gq" \
 -X POST "/api/oidc/:provider_code/tokens"

Example of request

  "provider_code": "demobank",
  "grant_type": "authorization_code",
  "code": "e4f1tj922",
  "client_id": "20d3fdd6-a7ac-4043-a7dd-f885dc320956",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "client_assertion": "jwt encoded client assertion",
  "redirect_uri": "http://host/redirect_url"

Example of response

  "access_token": "AFpjf1410fAMA",
  "id_token": "jwt encoded client token data",
  "refresh_token": "560dd8e9d960a2e160ca2b24198a40a76ee032cbb4b5af61ac47298b730ed903",
  "token_type": "Bearer",
  "scope": [

POST /api/oidc/:provider_code/tokens

Header Type Description
Content-Type string, required The media type of the body of the request. Allowed values: application/x-www-form-urlencoded
Request parameters
provider_code
string, required
Human readable Provider identifier. Can raise: NotFound, Forbidden
client_id
string, optional
Client application identifier.
grant_type
string, required
The format of the assertion as defined by the authorization server. The value will be an absolute URI. Allowed values: client_credentials, authorization_code, refresh_token
client_assertion_type
string, required
The format of the assertion as defined by the authorization server. The value will be an absolute URI. Allowed values: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion
string, required
The assertion being used to authenticate the client. Specific serialization of the assertion is defined by profile documents. Can raise: InvalidClientAssertion, NotFound
redirect_uri
string, required
The same URI that was used in the authorize endpoint.
code
string, required
The same code that the TPP received from the authorize endpoint. Can raise: NotFound, InvalidRequest, TooEarly

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

access_token
string, required
The access token issued by the authorization server.
id_token
string, required
The id of the access_token on the Salt Edge PSD2 Compliance Solution side.
refresh_token
string, required
The refresh token, which can be used to obtain new access tokens using the same authorization grant.
token_type
string, required
The type of the token issued. Allowed values: Bearer
scope
string, required
Scopes included in the access_token.
Related Errors
Class Code Description
InvalidClientAssertion 400 Given client_assertion is invalid or malformed.
InvalidRequest 400 Given data is invalid. More in message.
Forbidden 403 Specified resource is not allowed to perform an action.
NotFound 404 Provider for given code is not found
TooEarly 425 Request was sent too early, please try again later.
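
The request and response contract above can be enforced on the client side. The following added example (not Salt Edge's code) builds the authorization_code exchange with exactly one of the two documented client authentication methods and checks a 200 response before the tokens are stored. Assumptions: the function names and the scope list in `SAMPLE_RESPONSE` are illustrative.

```python
import base64
from urllib.parse import urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
REQUIRED = ("access_token", "id_token", "refresh_token", "token_type", "scope")

def build_code_exchange(client_id, code, redirect_uri, *, client_secret=None,
                        client_assertion=None):
    """Return (headers, body) for the authorization_code grant.

    Exactly one client authentication method is used: client_secret_basic
    (Authorization header) or private_key_jwt (client_assertion in the body).
    """
    if (client_secret is None) == (client_assertion is None):
        raise ValueError("choose exactly one client authentication method")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if client_secret is not None:
        creds = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    else:
        form.update(client_id=client_id, client_assertion_type=ASSERTION_TYPE,
                    client_assertion=client_assertion)
    return headers, urlencode(form)

def check_token_response(resp, requested_scopes):
    """Return problems in a 200 token response; an empty list means it can be stored."""
    problems = [f"{name}: missing" for name in REQUIRED if not resp.get(name)]
    if resp.get("token_type") not in (None, "Bearer"):
        problems.append("token_type: expected Bearer")
    granted = resp.get("scope") or []
    if isinstance(granted, str):  # tolerate a space-delimited string as well
        granted = granted.split()
    extra = set(granted) - set(requested_scopes)
    if extra:
        problems.append(f"scope: granted but never requested {sorted(extra)}")
    return problems

# Constructed response: token values are the placeholders from the example
# above; the scope list is assumed (the example does not show its contents).
SAMPLE_RESPONSE = {
    "access_token": "AFpjf1410fAMA",
    "id_token": "jwt encoded client token data",
    "refresh_token": "560dd8e9d960a2e160ca2b24198a40a76ee032cbb4b5af61ac47298b730ed903",
    "token_type": "Bearer",
    "scope": ["accounts"],
}
```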