Account Management API (LATEST)

API Integration Support: integration@dintero.com License: UNLICENSED

API for managing accounts and authentication

Changelog

All notable changes to the API.

2021-10-01

2021-06-01

Add support for configuring SMS MFA for account user

2021-03-01

Make Swish cert and passphrase not required

Add support for changing account user password

Add support for authorize when verifying a signup.

2021-02-01

Document 429 Too Many Requests response from

Break: Require ident_type and ident to be included when requesting token with grant_type=authorization_code

Add support for sending verification code for passwordless login via SMS, and session_id={uuid} to resend the same verification code again

Remove unsupported request options, send=link and type=account.

2021-01-01

Add support for logging on without MFA even if configured with MFA

Add support for managing account users scopes with roles.

2020-11-01

Extend the endpoint for getting user accounts to include the accounts display_name and icon_url.

Add support for account users authenticated by external Identity providers. External authentication is limited to account users created with authentication_type=external.

The following endpoints have been updated to allow Bearer authorization using an ID token issued by an external Identity provider.

Account has been updated with a jwks.uri property that is required to validate the ID tokens issued by external identity providers.

2020-09-01

Add new endpoint for handling HTTP redirect with ID token query parameter

Add new endpoint for uploading assets

2020-01-31

Add support for applicant.agreement.attachments

Add support for enabling MFA (OOB) for auth users.

2019-12-31

Extend the AccountApplicant with support for promo_code and utm campaign codes.

2019-11-31

Add support for creating client with description

2019-09-31

Extend settings with PayEx connections

2019-06-31

The scope required for accessing endpoint has changed. We will continue to support the old scopes, but they were removed from the documentation.

Support search, limit and starting_after query parameter when listing partner accounts

Support for issuing exchange token for a sub-account, to allow partner accounts to manage sub accounts.

2019-05-31

Support for including a Refresh Token when requesting an Access Token. Use grant_type=refresh_token to get an Access Token from a Refresh Token.

Support for revoking a Refresh Token

2018-12-17

Rename typo in Account definition. All bussiness_name properties renamed to business_name.

Authentication

clientAuth

Authorization using the Basic scheme, with client_id and client_secret as username and password.

Security Scheme Type HTTP
HTTP Authorization Scheme basic

JWT

Authorization using the Bearer scheme. The content of the header should look like the following:

Authorization: Bearer {access_token}

where the token is a JSON Web Token (JWT).

Security Scheme Type API Key
Header parameter name: Authorization

authenticate

Authorize Passwordless link

This endpoint is used to authorize the Passwordless link sent to the user by email/SMS.

A valid request will redirect to This is the OAuth 2.0 grant that Client-side web apps utilize in order to access an API.

Authorizations:
path Parameters
oid
required
string <^[PT]{1}(?=(?:.{3}|.{8})$)[0-9]*$>

An id that uniquely identifies the account or owner (partner)

query Parameters
audience
required
string

The unique identifier of the target API you want to access.

response_type
required
string
Value: "authenticate"

This will specify the type of token you will receive at the end of the flow. Use token to get only an access_token

If response_type=token, after the user authenticates with the provider, this will redirect them to your application callback URL while passing the access_token in the address location.hash. This is used for Single Page Apps and on Native Mobile SDKs.

client_id
required
string

Your application's Client ID.

verification_code
required
string

One-time verification code

scope
string
Value: "openid"

The scopes which you want to request authorization for.

state
string

An opaque value the client adds to the initial request that Dintero includes when redirecting back to the client. This value must be used by the client to prevent CSRF attacks.

redirect_uri
string

The URL to