I am trying to follow Revolut's tutorial for authenticating to their API and I'm stuck at requesting a reusable access token.
So far I've managed to: 1. Create public/private keys 2. Upload public key 3. Sign a jwt with the generated client_id 4. Get an authorisation code
But I am blocked at using the above for requesting a reusable access token.
As per this page, I'm supposed to create a POST request on https://b2b.revolut.com/api/1.0/auth/token with the following body:
{
"grant_type": "authorization_code",
"client_id": my_client_id,
"code": my_authorisation_code,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": my_jwt
}
Which I've done in Insomnia but I keep getting this error:
{
"error": "invalid_client",
"error_description": "client_id is missing"
}
Looking on SO for an answer I stumbled upon this answer, but I get this error all the time, even after I change the client_id.
Turns out the body should not be a JSON, it should have been url encoded, like this:
grant_type=authorization_code&client_id=client_id&code=code&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=jwt