On This Page
FILTER BY TAG

(Optional) Provide Your OAuth Credentials

If your system uses the
OAuth
 or
OAuth with JWT
 security policy, you must provide your OAuth credentials to
National Australia Bank
. The OAuth credentials request uses Visa's key management service to store your credentials. When
National Australia Bank
 sends you webhook notifications in the future,
National Australia Bank
 will use your OAuth credentials to access your server and deliver the notification message.
IMPORTANT
If you are using only the default
mutual trust
 security policy, you do not need to provide OAuth credentials to
National Australia Bank
.
OAuth
The OAuth security policy with client credentials is an authentication method that is designed for applications that communicate with each other. Basic authentication is the most common mechanism for authenticating a client with the client credentials. This authentication method enables
National Australia Bank
 services to obtain only the relevant user data without exposing the user's credentials.
OAuth with JWT
The OAuth with JWT security policy is an authentication method in which your system sends a JSON Web Token. This method bypasses domain headers and minimizes the need for server-side authentication checks.

Endpoints

Send a POST request to one of these endpoints:
  • Test:
    POST
    https://nabgateway-api-test.nab.com.au
    /kms/egress/v2/keys-sym
  • Production:
    POST
    https://nabgateway-api.nab.com.au
    /kms/egress/v2/keys-sym

Headers

Each API request should use headers that provide your client credentials, which are the username and password of your webhooks server. Here is an example:
curl --location 'Client's OAauth URL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode ‘client_id=webhooks-server-username' \
--data-urlencode ‘client_secret=webhooks-server-password'

Required Fields for Providing Your OAuth Credentials

clientRequestAction
Set to
STORE
.
keyInformation.clientKeyId
Set to the webhook server's username.
keyInformation.expiryDuration
Set to
365
.
keyInformation.key
Set to the webhooks server's secret key.
keyInformation.keyType
Set to
oAuthClientCredentials
.
keyInformation.organizationId
Set to the organization ID or merchant ID of the organization requesting the key.
keyInformation.provider
Set to the organization ID that the requesting organization belongs to.
keyInformation.tenant
Set to
nrtd
.

Example: Providing Your OAuth Credentials

{
  "clientRequestAction": "STORE",
  "keyInformation": {
    "provider": "merchantName",
    "tenant": "nrtd",
    "keyType": "oAuthClientCredentials",
    "organizationId": "merchantName",
    "clientKeyId": "Webhook server's username",
    "key": "Webhook server's secret key",
    "expiryDuration": "365"
  }
}
{
    "submitTimeUtc": "2022-02-18T19:49:52Z",
    "status": "SUCCESS",
    "keyInformation": {
        "provider": "org1",
        "tenant": "nrtd",
        "organizationId": "org1",
        "clientKeyId": "ef400ac1-edfe-406e-94b3-0d73be09a1a0",
        "keyId": "d8512fb5-1d8c-4f2d-e053-3cb8d30a764c",
        "key": "KTTY1LLGYR6A2LL4XZTT9W9RGCVJ5Z4XZAP6AFTRUFWLSXX0NX4N88N9EJED3BMM",
        "keyType": "oAuthClientCredentials",
        "status": "active",
        "expirationDate": "2023-02-18T19:49:52Z"
    }
}
RELATED TO THIS PAGE