OAuth 2.0 API
The OAuth 2.0 API provides a secure, standards‑based mechanism for authenticating applications that integrate with Fortis Bank APIs. It ensures that only authorized applications can initiate API calls—protecting your data and our system integrity.
What This API Enables
- Access Token Generation: Obtain short‑lived access tokens (valid for 3600 seconds) by exchanging your client_id and client_secret.
- Token‑Based Authentication: Use the returned bearer token to authorize API calls across Fortis services.
Credentials are passed over TLS, are never stored in application code, and are rotated regularly to maintain your security posture.
Supported Content Types
This endpoint accepts credentials in either:
- URL‑encoded form (application/x-www-form-urlencoded)
- JSON (application/json)
Token Endpoint
POST /oauth2/token HTTP/1.1
Host: apim.workato.com
1. URL‑Encoded Request
POST /oauth2/token HTTP/1.1
Host: apim.workato.com
Authorization: Basic ${Base64(<CLIENT_ID>:<CLIENT_SECRET>)}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
2. JSON Request
POST /oauth2/token HTTP/1.1
Host: apim.workato.com
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"
}
Response
A successful response returns a JSON object with your access token details:
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600
}
| Field | Description |
|---|---|
| access_token | Bearer token to include in API requests. |
| token_type | Always bearer. |
| expires_in | Token lifetime in seconds (usually 3600). |
Using the OAuth 2.0 Access Token
Include your bearer token in the Authorization header of API requests:
curl -X GET 'https://example-url.com/payments/credits' \
-H 'Authorization: Bearer <ACCESS_TOKEN>'