Flow

Step 1: Obtain access token

Authorizing access to the Identity API follows the OAuth 2.0 Client Credential Grant flow with scope IDENTITY.

In this sub step, your application requests an access token from the auth service's token endpoint. You just need to call the POST .../identity/production/auth/oauth/v2/token request and fetch the access token.

 

Step 2: Create session and redirect user

To create an identity session:

  1. Your application can call POST /identity/{env}/v1/sessions with a valid access token.
  2. The service validates the access token and returns sessionId and identityProcessUrl:
    • sessionId - unique generated identifier of the identity session.
    • identityProcessUrl - URL of the front-end Identity application.
  3. After a successful create-session call, your application should redirect the user to the provided identityProcessUrl.
  4. Your application will obtain only the process status and sessionId. For details of the identification process, your application will call the GET /status method described further below.

 

e.g.

https://api.tatrabanka.sk/identity/sandbox/v1/sessions

Request:

POST /identity/sandbox/v1/sessions HTTP/1.1
X-Request-ID: 12340f7-be91-1fa26336c855
Authorization: Bearer 1231-423f-8c88-e2700b4a4346
PSU-IP-Adress: 111.01.10.1
PSU-User-Id: 1
Content-Type: application/json
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 1234124-43a7-92ea-4134e2574197
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 42

{
  "redirectUrl": "https://your-application-site.io"
}

 

 Response:

HTTP/1.1 201 Created
Response-ID: 1213123123-8316-47417503d0b0
X-Request-ID: 1213123123-be91-1fa26336c855
Content-Type: application/json;charset=UTF-8
Content-Length: 301
Date: Mon, 28 Mar 2022 09:49:30 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Server: Layer7-API-Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

{
  "sessionId": "1213123123-479c-8147-c0d38755b61b",
  "identityProcessUrl": "https://api.tatrabanka.sk/identity/sandbox/v1/app?sessionId=1213123123-479c-8147c121312312355b61b&client_id=121312312349ef197d5&hmac=1213123123f7ace2efcde9"
}

 

Step 3: Get session status

If no unexpected event occurs and the front-end (FE) session finishes (CANCELED, DONE, REJECTED), the status is sent with the redirectUrl as a parameter. To get the status of an identity session explicitly, your application can call GET /identity/production/v1/sessions/{session-Id}/status with a valid sessionId and token. You will receive the sessionStatus. Your application can call this method once the sessionId has been created.

 

e.g.

https://api.tatrabanka.sk/identity/sandbox/v1/sessions/sessionId/status

Request:

GET /identity/sandbox/v1/sessions/123123-5d3b-479c-8147-123123/status HTTP/1.1
X-Request-ID: 123123-441a-9721-635b931eb453
Authorization: Bearer 4123123-02e1-423f-8c88-e2700b4a4346
PSU-IP-Address: 1112212127.0.0.1
PSU-User-Id: 1
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 123123-41fc-8c9b-3f1312e88d69
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

 

Response:

HTTP/1.1 200 OK
Response-ID: 123b-9d63-49d7-9df7-3f8aee9b3c7f
X-Request-ID: 1232-ee1a-4020-82d8-0128339ce15f
Content-Type: application/json;charset=UTF-8
Content-Length: 31
Date: Thu, 31 Mar 2022 09:50:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Server: Layer7-API-Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

{
  "sessionStatus": "DONE"
}

 

Step 4: Get identity result

Status DONE means the identity process finished successfully, i.e. it fulfills the minimum requirements for DONE status. To get the result of an identity session, your application will call GET /identity/production/v1/sessions/{session-Id}/result. If sessionStatus = DONE, the response contains the details of the identity session; otherwise it contains just status and reasonCode.

To see an example of the response for "sessionStatus": "DONE", check this file

 

e.g.

https://api.tatrabanka.sk/identity/sandbox/v1/sessions/sessionId/result

Request:

GET /identity/sandbox/v1/sessions/123123-5d3b-479c-8147-c0d38755b61b/result HTTP/1.1
X-Request-ID: 123123ddc5-4c77-b8ff-a36c37dd09a4
Authorization: Bearer 123123-02e1-423f-8c88-e2700b4a4346
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 123123-0fd3-4bef-aac1-309884b54f72
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

 

Response:

HTTP/1.1 200 OK
Response-ID: 1231239e3e-4e3b-a57e-4dc618937bb0
X-Request-ID: 123123ddc5-4c77-b8ff-a36c37dd09a4
Set-Cookie: 12312345d3=487c41ba39406cddc773254265347f87; Path=/identity/sandbox/v1/sessions/1231235d3b-479c-8147-c0d38755b61b; HttpOnly; Domain=intapi.tatrabanka.sk; Secure
Set-Cookie: ROUTEID=.1; Domain=intapi.tatrabanka.sk; Path=/identity/sandbox/v1/sessions/1231235d3b-479c-8147-c0d38755b61b; Secure; Httponly
Content-Type: application/json;charset=UTF-8
Content-Length: 67
Date: Mon, 28 Mar 2022 10:03:15 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Server: Layer7-API-Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

{
  "status": "REJECTED",
  "reasonCode": "LIVENESS_CHECK_FAILED"
}
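
Handling the user's return to redirectUrl across Steps 2 to 4, as an added example that is not part of the original documentation or the bank's own code: the status arriving through the browser is treated as a hint, the sessionId is matched against the one stored in Step 2, and the outcome is decided only from GET /status and GET /result. Assumptions: the redirect query parameter names (sessionId, status), the host check against api.tatrabanka.sk, the fetch_status/fetch_result callables, the outcome labels and all sample values are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

API_HOST = "api.tatrabanka.sk"                      # host in the page's examples
FINAL_STATUSES = {"CANCELED", "DONE", "REJECTED"}   # finished states from Step 3
SESSION_PARAM = "sessionId"                         # assumed query parameter name


def safe_process_url(create_response, expected_host=API_HOST):
    """Return identityProcessUrl only if it is an HTTPS URL on the API host."""
    url = create_response["identityProcessUrl"]
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("identityProcessUrl is not on the expected API host")
    return url


def handle_return(callback_url, expected_session_id, fetch_status, fetch_result):
    """Decide the outcome when the browser comes back to redirectUrl.

    callback_url is browser-supplied input; expected_session_id is the value
    stored server-side in Step 2. fetch_status and fetch_result are
    caller-supplied functions wrapping GET .../status and GET .../result.
    """
    query = parse_qs(urlsplit(callback_url).query)
    returned_id = query.get(SESSION_PARAM, [None])[0]
    if returned_id != expected_session_id:
        raise PermissionError("redirect sessionId does not match stored session")
    # Any status in the query string is only a hint: ask the API directly.
    status = fetch_status(expected_session_id)["sessionStatus"]
    if status not in FINAL_STATUSES:
        return {"outcome": "PENDING", "status": status}
    result = fetch_result(expected_session_id)
    if status != "DONE":
        return {"outcome": "FAILED", "status": status,
                "reasonCode": result.get("reasonCode")}
    return {"outcome": "VERIFIED", "status": status, "result": result}


def demo():
    """Constructed case: the redirect claims DONE, the API says REJECTED."""
    sid = "00000000-0000-0000-0000-000000000001"     # constructed sessionId
    claimed = f"https://your-application-site.io/?sessionId={sid}&status=DONE"
    api_status = lambda s: {"sessionStatus": "REJECTED"}   # stubbed API reply
    api_result = lambda s: {"status": "REJECTED",
                            "reasonCode": "LIVENESS_CHECK_FAILED"}
    return handle_return(claimed, sid, api_status, api_result)
```

In a real integration the two callables would send the requests shown in Steps 3 and 4 with the bearer token from Step 1.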