Implementing OAuth 2.0

You enable mutual authentication by obtaining a Certificate Signing Request (CSR) from a supported certificate authority (CA). After obtaining a CSR, you provide your common name details to

National Australia Bank

. For more information, see Enable Mutual Authentication.

You register your web-application in the

Gateway Portal

. You set a scope of permissions and a redirect URL to your web-application. For more information, see Register Your Application.

The merchant visits your web-application, provides their credentials, and clicks a button or link to complete the permission process.

Your application redirects the merchant to a

National Australia Bank

-hosted webpage. For more information, see Register Your Application.

The merchant logs in to the

Gateway Portal

and grants your web-application permission to access their merchant account based on the scope you set previously. Notify the merchant that their account must have access to grant OAuth permissions to complete this requirement.

National Australia Bank

redirects the merchant to your application using the redirect URL you registered. An authentication code is appended to the redirect URL. For more information, see Interpreting the Redirect Response.

Your application exchanges the authorization code with

National Australia Bank

for these two tokens:

Access token:
A token to authenticate transactions using
National Australia Bank
. For more information about how to authenticate
National Australia Bank
transactions using this token, see Submit API Requests Using OAuth.
Refresh token:
A token that you can use to request additional access tokens.