TD Bank

TD Bank Token API

OAuth 2.0 Token API with Pushed Authorization Request (PAR) — issues access tokens for the FDX Data APIs and the Consent API. Flow begins with POST PAR, returns a request URI used to build the consent URL, and exchanges the resulting authorization code for an access token via POST /token.

TD Bank Token API is one of 14 APIs that TD Bank publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko.

Tagged areas include Token Management, OAuth, and Open Banking. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, and 1 Naftiko capability spec.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.pat.openbanking.amcb.developer.td.com/guides/advanced-token-scenarios

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/td-bank/refs/heads/main/openapi/td-bank-token-api-openapi.yml

Other Resources

🔗
SandboxURL
https://api.openbanking.amcb.developer.td.com/sandbox/oauth/v1
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/td-bank/refs/heads/main/capabilities/token-tokens.yaml

OpenAPI Specification

td-bank-token-api-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: TD Bank Token API
  description: >-
    OAuth 2.0 Token API with Pushed Authorization Request (PAR). Issues
    access tokens for the FDX Data APIs and the Consent API. The flow:
    POST /par returns a request_uri; build the consent URL with it and
    send the user to authorize; exchange the resulting authorization code
    for an access token via POST /token.
  version: '1.0.0'
  contact:
    name: TD Open Banking Developer Support
    url: https://developer.td.com
externalDocs:
  description: Advanced Token Scenarios
  url: https://docs.pat.openbanking.amcb.developer.td.com/guides/advanced-token-scenarios
servers:
  - url: https://api.openbanking.amcb.developer.td.com/oauth/v1
    description: Production
  - url: https://api.openbanking.amcb.developer.td.com/sandbox/oauth/v1
    description: Sandbox
tags:
  - name: Tokens
security: []
paths:
  /par:
    post:
      operationId: pushedAuthorizationRequest
      summary: Pushed Authorization Request
      tags: [Tokens]
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required: [response_type, client_id, redirect_uri, scope]
              properties:
                response_type: { type: string }
                client_id: { type: string }
                redirect_uri: { type: string }
                scope: { type: string }
                state: { type: string }
                code_challenge: { type: string }
                code_challenge_method: { type: string }
      responses:
        '201':
          description: PAR success
          content:
            application/json:
              schema:
                type: object
                properties:
                  request_uri: { type: string }
                  expires_in: { type: integer }
  /token:
    post:
      operationId: createToken
      summary: Create Access Token
      tags: [Tokens]
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required: [grant_type, client_id]
              properties:
                grant_type: { type: string, enum: [authorization_code, refresh_token, client_credentials] }
                code: { type: string }
                redirect_uri: { type: string }
                refresh_token: { type: string }
                client_id: { type: string }
                client_secret: { type: string }
                code_verifier: { type: string }
      responses:
        '200':
          description: Token issued
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token: { type: string }
                  refresh_token: { type: string }
                  token_type: { type: string }
                  expires_in: { type: integer }
                  scope: { type: string }
  /revoke:
    post:
      operationId: revokeToken
      summary: Revoke Token
      tags: [Tokens]
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required: [token]
              properties:
                token: { type: string }
                token_type_hint: { type: string }
      responses:
        '200':
          description: Revoked