All API requests should contain an access token so that the server can authenticate them. You can get one by sending a POST request to the endpoint https://api-test.lpb.lv/oauth2/token. The following example shows how to get token information using curl:
curl -X POST -d "grant_type=password&client_id=lpb&username=username&password=password" -H "Content-Type: application/x-www-form-urlencoded" https://api-test.lpb.lv/oauth2/token
The server should respond with status code 200 and content similar to:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXTDVNdElqYk1aTUhDRzJrcmZjd3V1NEdmN2t2bFJEbGxkNGhPdVBteHljIn0...JY8CE8NR6qSF7mw576m6IC1Z-4u3ev-LY3oJN3lHjDoDOgPt8isy3XBUjEcRrUQ5YdhZAl6EoxlrrqJOmfydAHhyHXlglZMKJsmk3V5KD_g9uMWavwISm0HNOgh8ljmd-NfdaRwdYzD3B0vfqs3bqAX6p3QWPJRQBAppPv-z890EMA4pQif4DsCsesscou0G1nv6QQuFDLRFudRmRAYVYfoue0hvQ5kFHiIWuzq2GOLr3AQV6qMSfy3N0JwZj_6FTcg3eW9tZlrM_3d2nJ5tFIWo_JEOl3cqgi9BLVDDdFoWMKasW_1Qj0CAyqN0dkyyuQn2Q_tbhI7TMipTrgLV-Q",
"expires_in": 7200,
"not-before-policy": 1669815462,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxNjM3M2Q0ZS1jNjc0LTQ4ZTYtODljMy1lMTY1ZTE1MTIyOGUifQ.eyJleHAiOjE2NzQwNTI3MDIsImlhdCI6MTY3NDA1MDkwMiwianRpIjoiNThhMzk5ODQtZjYxNC00YTdmLWJiYTAtMzIwMWIzMWI3Njk5IiwiaXNzIjoiaHR0cHM6Ly9hcGktdGVzdC5scGIubHYvYXV0aC9yZWFsbXMvT0VPQXV0aCIsImF1ZCI6Imh0dHBzOi8vYXBpLXRlc3QubHBiLmx2L2F1dGgvcmVhbG1zL09FT0F1dGgiLCJzdWIiOiI0OWFjZjM5Yi0wZmY0LTRjMDEtOGRjOS1kODZmOWQ4NWI5ZDkiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoibHBiIiwic2Vzc2lvbl9zdGF0ZSI6ImRlN2YzYWFjLTJhMWQtNDczZC1hNTA1LTdjNzNhZjE1NzdlMiIsInNjb3BlIjoiUFNDVXNlciJ9.8miOnJ4rQvST47aocVMM9ZvAFXvLho5S4wdoNvuZUZ0",
"scope": "PSCUser",
"session_state": "de7f3aac-2a1d-473d-a505-7c73af1577e2",
"token_type": "Bearer"
}
The only thing left is to add the access token to the API request via the Authorization header. For example:
curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXTDVNdElqYk1aTUhDRzJrcmZjd3V1NEdmN2t2bFJEbGxkNGhPdVBteHljIn0...gJIqJw0AOEdxYd3fVCA-lX9lxxuMftM2yorrV3l-WLEv40tagxcB-Ijo8xX6bxWTUPvYrT7yJaZH02nHgqJqAe0V1T_Mdu5mID5QxzyZ44gcEAO33HM6LCQa8LobjXI9wZi0B8cBzOaez7cBj5Ji4Chbc7R4wJjdt_4On9jj4QeX8_IqLs-LEMJcE9jBV8j0sYBJe8icxkMcdy5GpmaKHzhbXBHiB_QWJ2uX2X-eg1rNMVYaXgcmpnZTWA2woi1g782aAdNmGBdU3q3DC2GxY6RGL21KCSpt_ajER2_tqpJ7GoAXakLW0uErbqOzZ3EGJHgYpd6nmP_mA7GAX5Fxbw" https://api-test.lpb.lv/api/accounts
The access token has a limited lifespan. The lifespan can be read from the token object returned by the login request: the property expires_in holds the number of seconds before the access token expires. Another way to track the access token lifespan is to check the property exp directly in the decoded access token. This property is a Unix timestamp.
Instead of obtaining a new access token through a login request, you can refresh the existing one and stay in the current user session. This requires the refresh token from the token object and another POST request to the endpoint https://api-test.lpb.lv/oauth2/token. It should look something like this:
curl -X POST -d "grant_type=refresh_token&client_id=lpb&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxNjM3M2Q0ZS1jNjc0LTQ4ZTYtODljMy1lMTY1ZTE1MTIyOGUifQ.eyJleHAiOjE2NzQwNTI3MDIsImlhdCI6MTY3NDA1MDkwMiwianRpIjoiNThhMzk5ODQtZjYxNC00YTdmLWJiYTAtMzIwMWIzMWI3Njk5IiwiaXNzIjoiaHR0cHM6Ly9hcGktdGVzdC5scGIubHYvYXV0aC9yZWFsbXMvT0VPQXV0aCIsImF1ZCI6Imh0dHBzOi8vYXBpLXRlc3QubHBiLmx2L2F1dGgvcmVhbG1zL09FT0F1dGgiLCJzdWIiOiI0OWFjZjM5Yi0wZmY0LTRjMDEtOGRjOS1kODZmOWQ4NWI5ZDkiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoibHBiIiwic2Vzc2lvbl9zdGF0ZSI6ImRlN2YzYWFjLTJhMWQtNDczZC1hNTA1LTdjNzNhZjE1NzdlMiIsInNjb3BlIjoiUFNDVXNlciJ9.8miOnJ4rQvST47aocVMM9ZvAFXvLho5S4wdoNvuZUZ0" -H "Content-Type: application/x-www-form-urlencoded" https://api-test.lpb.lv/oauth2/token
A successful refresh should respond with status 200 and a new token object. The token object structure is similar to the one you get from a login request.
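The lifespan and refresh rules above can be combined into one client-side decision, shown here as an added example that is not part of the original documentation. The function names, the 60-second margin and the unsigned sample token are assumptions made for illustration; exp is read without signature verification and only for scheduling, since the server remains the authority on whether a token is accepted.

```python
import base64
import json

MARGIN = 60  # assumed safety margin in seconds; not a value from the page


def jwt_exp(token):
    """Read the exp claim (Unix timestamp) from a JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    # JWT segments are base64url without padding; restore it before decoding.
    payload = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
    claims = json.loads(payload)
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("exp claim missing or not numeric")
    return exp


def next_action(token_obj, received_at, now, margin=MARGIN):
    """Return 'use', 'refresh' or 'login' for a token object from /oauth2/token."""
    try:
        access_deadline = jwt_exp(token_obj["access_token"])
    except (KeyError, ValueError):
        # Fall back to expires_in, counted from when the response arrived.
        access_deadline = received_at + token_obj["expires_in"]
    refresh_deadline = received_at + token_obj["refresh_expires_in"]

    access_fresh = now < access_deadline - margin
    refresh_usable = now < refresh_deadline
    refresh_ending = now >= refresh_deadline - margin
    # Refresh while the refresh token still works and either token is about
    # to run out; the sample response has the refresh token expiring first.
    if refresh_usable and (refresh_ending or not access_fresh):
        return "refresh"
    return "use" if access_fresh else "login"


def make_sample_jwt(exp):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"exp": exp}) + ".sig"
```

With the sample values from the token object above (expires_in 7200, refresh_expires_in 1800), the refresh window closes long before the access token expires, so a client that wants to keep the session has to refresh within the first 1800 seconds.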
Logout is necessary when you no longer plan to use the user session. The operation requires the refresh token and a POST request to the endpoint https://api-test.lpb.lv/oauth2/logout. Check the example below:
curl -X POST -d "client_id=lpb&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxNjM3M2Q0ZS1jNjc0LTQ4ZTYtODljMy1lMTY1ZTE1MTIyOGUifQ.eyJleHAiOjE2NzQwNTI3MDIsImlhdCI6MTY3NDA1MDkwMiwianRpIjoiNThhMzk5ODQtZjYxNC00YTdmLWJiYTAtMzIwMWIzMWI3Njk5IiwiaXNzIjoiaHR0cHM6Ly9hcGktdGVzdC5scGIubHYvYXV0aC9yZWFsbXMvT0VPQXV0aCIsImF1ZCI6Imh0dHBzOi8vYXBpLXRlc3QubHBiLmx2L2F1dGgvcmVhbG1zL09FT0F1dGgiLCJzdWIiOiI0OWFjZjM5Yi0wZmY0LTRjMDEtOGRjOS1kODZmOWQ4NWI5ZDkiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoibHBiIiwic2Vzc2lvbl9zdGF0ZSI6ImRlN2YzYWFjLTJhMWQtNDczZC1hNTA1LTdjNzNhZjE1NzdlMiIsInNjb3BlIjoiUFNDVXNlciJ9.8miOnJ4rQvST47aocVMM9ZvAFXvLho5S4wdoNvuZUZ0" -H "Content-Type: application/x-www-form-urlencoded" https://api-test.lpb.lv/oauth2/logout
A successful logout should respond with status code 204 (no content).
Please visit https://api.lpb.lv/oauth2/password/reset for production environment or https://api-test.lpb.lv/oauth2/password/reset for test environment if you need to change your API BaaS user password.
© 2023 Copyright: JSC Magnetiq Bank