Authorization
OAuth 2.0 Service Credentials authorization
Overview: We will provide you with the service credentials and service_scope. Your service uses them to authenticate itself, obtain an access token, and call the APIs with that token.
Authorization URLs:
- token_endpoint : https://login.BASE.URL/digidoe/connect/token
- revocation_endpoint : https://login.BASE.URL/digidoe/connect/revocation
- introspection_endpoint : https://login.BASE.URL/digidoe/connect/introspect
Note: You can also fetch the server’s metadata (so you don’t have to hard-code URLs) via
GET https://login.BASE.URL/digidoe/.well-known/openid-configuration
Token Request
- Your client makes a POST to the token_endpoint:
POST https://login.BASE.URL/digidoe/connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=dd_public_api
The response is a JSON object:
{
"access_token": "...",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "dd_public_api"
}
Calling API
- Include the returned token on every request to the DD public API, e.g.:
POST /kyc/public/{customerId}/application
Authorization: Bearer eyJ0eXAiOiJKV1QiLC...
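An added example, not part of the original documentation: a small Python client for the token request and Authorization header described above, which reuses the token until shortly before `expires_in` elapses. The `TokenCache` class, the 60-second skew and the injectable `post`/`clock` parameters are assumptions for illustration; `BASE.URL` is the page's placeholder.

```python
import json
import time
import urllib.parse
import urllib.request

# BASE.URL is the placeholder used in the documentation above.
TOKEN_ENDPOINT = "https://login.BASE.URL/digidoe/connect/token"


def http_post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded; return the parsed JSON reply."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: fetches a client_credentials token and reuses it until near expiry."""

    def __init__(self, client_id, client_secret, scope="dd_public_api",
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._fields = {"grant_type": "client_credentials", "client_id": client_id,
                        "client_secret": client_secret, "scope": scope}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def _fetch(self):
        reply = self._post(TOKEN_ENDPOINT, self._fields)
        # Refuse anything that is not a usable Bearer token for the requested scope.
        if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
            raise ValueError("token endpoint did not return a Bearer access token")
        if self._fields["scope"] not in reply.get("scope", self._fields["scope"]).split():
            raise ValueError("requested scope was not granted")
        self._token = reply["access_token"]
        # Renew `skew` seconds early so the token is not used right at its expiry.
        self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew

    def auth_header(self):
        """Return the Authorization header, requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}
```

Call `TokenCache(client_id, client_secret).auth_header()` before each API request; the client secret is sent only to the token endpoint, and API calls carry just the Bearer token.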
Introspection (optional)
POST https://login.BASE.URL/digidoe/connect/introspect
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer eyJ0eXAiOiJKV1QiLC...
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
Response:
{
"active": true,
"scope": "dd_public_api",
"exp": 1598870400,
…
}
Revocation (if needed)
- To revoke a token (e.g. on shutdown), call:
POST https://login.BASE.URL/digidoe/connect/revocation
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer eyJ0eXAiOiJKV1QiLC...
&token_type_hint=access_token
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET