Authentication

The APIs are protected by OAuth 2.0 Authentication. With OAuth 2.0, the Grant Type is used Client Credentials.

For the Client Credentials grant type, the flow is as follows:

     1. Obtain OAuth 2.0 Client Credentials from the Garanti API Store via Manage Applications page

     2. Request an access token from Garanti API Store Token Endpoint with the Client ID, Client Secret, Grant Type and Redirect URI

     3. The access token is redirected to the specified URL as defined by the redirect_uri

Before your application can access the APIs, it must obtain a new access token for each request. The access token can be used only one time.

Access Token Query Parameters

Client ID Enter the ID assigned to the user from the Garanti API Store. This is the same as the API key generated on the Portal via “Adding New Applications”. 
Client Secret Enter the client secret assigned to the user from the Garanti API Store. This field is the same as the Key Secret.
Scope Refer to the Garanti API Store for a list of available scopes and requirements. By default, the Scope to be set to OOB ( Out of Band)
Grant Type The OAuth 2.0 method defines four base grant types. The Garanti API Store expects Client Credentials grant type
Redirect URI The access token is redirected to this URI. This field must be same as Callback URL on the Portal via “Adding New Applications”.
 

Getting Access Token

Access Token is required to call APIs. Obtaining access token to request token endpoint by making a POST request with the Client credentials grant type, Client ID, Client Secret and Redirect URI.

In order to get access token, developer has to create Rest Web Service that is going to get the access token which is sent by Garanti API Store asynchronously with POST request. Rest Web Service url has to be the same with the callback url you set in the Garanti API Store while you are creating the Applications.

Garanti API Store Token Endpoint :https://apis.garanti.com.tr/auth/oauth/v2/token