3

I am trying to use the demo site api https://openbanking.wso2.com/demo and on the User Authentication step i get Failed Authentication with SMSOTP 400 : BAD REQUEST even when the 

url https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&state=cGlzcDoyMTU2&client_id=YOUR_CLIENT_ID&redirect_uri=https://openbanking.wso2.com/authorize_callback.do

is copied from the demo page. Has anyone been able to use this API ?

Abimaran Kugathasan
  • 31,165
  • 11
  • 75
  • 105
sejuba
  • 63
  • 5
  • 1
    Hi Sejuba, I'm part of the team behind WSO2 Open Banking. Could you please verify, whether you have provided a valid phone number with the country code during the registration process. [E.g., +44 xxx xxx xxxx for a UK phone number]. You can do this by login in here wso2.com/user/login – udarakr Sep 11 '17 at 10:04
  • This is actually the correct answer. – sejuba Sep 12 '17 at 06:45

1 Answers1

0

The alternate method works 

curl -k -d "grant_type=client_credentials&scope=accounts payments" -H "Authorization: Basic "XXXXXXX" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/
Abimaran Kugathasan
  • 31,165
  • 11
  • 75
  • 105
sejuba
  • 63
  • 5
  • 2
    Yes, this works because it is requesting a token for the application use and no end user authentication in involved. Hence it doesn't perform SMSOTP step. Tokens generated from this mechanism should only be used with APIs providing meta details for applications, but not when dealing with end user specific APIs. – Pushpalanka Sep 11 '17 at 10:59