Authentication & Payload Authentication & Payload
API docs by Redocly

Authentication & Payload (2.4.0)

Download OpenAPI specification:Download

To interact with the ANZ Cash Management Central (ACMC) API, all requests must be authenticated using OAuth 2.0, specifically through the Client Credential Grant process. The API endpoint for obtaining the authentication token is essential for ensuring secure access. Once authenticated, all GraphQL API calls should be directed to the /graphql endpoint. This document provides detailed information on the authentication process and the usage of the /graphql path for executing API requests.

Authorisation

Operations related to authentication & authorisation.

Obtain authorisation token

ANZ use OAuth 2.0 to authenticate inbound token requests, a bearer token is returned as a response which is then used to authorise against ANZ resources

Authorizations:
(apiKeyAuthOAuth2)
Request Body schema: application/x-www-form-urlencoded

Information and examples of Auth request body

grant_type
required
string

Specify the type credential requested

client_assertion_type
required
string

Describes the type of client assertion provided in the message request

scope
required
any
required
object (ClientAssertion)

Responses

Response samples

Content type
application/json
{
  • "expires_in": 3600,
  • "token_type": "Bearer",
  • "access_token": "eaaa13ee-b596-a8cc-b9d4-f778f8bb9377"
}

Graphql Posts

Post a graphql query or mutation

All API calls to the ANZ Cash Management Central (ACMC) platform require authentication via OAuth 2.0. Once authenticated, all requests should be made to the /graphql endpoint. This ensures secure and standardized communication with the platform. Detailed examples and instructions on how to authenticate and use the GraphQL API are provided below.

Authorizations:
(apiKeyAuthbearerAuth)
Request Body schema: application/json

GraphQL queries / mutations go in here, refer to the rest of the site for examples.

query
required
string

The GraphQL query or mutation string

object

Variables used in the GraphQL query or mutation

Responses

Request samples

Content type
application/json
Example
{
  • "query": "query GetResource($id: ID!) {\n getResource(id: $id) {\n id\n name\n description\n }\n}\n",
  • "variables": {
    }
}

Response samples

Content type
application/json
{
  • "status": {
    }
}

AuthTokenRequest

grant_type
required
string

Specify the type credential requested

client_assertion_type
required
string

Describes the type of client assertion provided in the message request

scope
required
any
required
object (ClientAssertion)
{
  • "grant_type": "client_credentials",
  • "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  • "scope": null,
  • "client_assertion": {}
}