# Quick Start
source: https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/quickstart/index.md

This guide details how to connect the first user to your service from our platform.

Details include:

1. How to obtain your `Client ID` and `Client Secret` to gain access to our platform
2. How to connect the first user and retrieve account and transaction information

Note: If you are here to make payments, it is important that you also learn how to onboard a user as it is required when offering payment functionality to users.

Refer to [Postman collection](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/testing/postman/index.md) together with this guide to get started faster.

#### Get your Credentials {#get-your-credentials}

1. Open a browser and go to our [Developer Portal](https://devportal.openbanking.mastercard.com).
2. Click on the **Sign up (or login)** button.
3. Log in to your account. If you do not have an account, click **Sign up** and create one for free.
4. Click on [Apps](https://devportal.openbanking.mastercard.com/#/apps) and then the **Create new app** button.
5. Take note of your `Client ID` and `Client Secret`.

Note: These credentials only provide access to the sandbox environment and therefore only expose *Test banks* . When you are ready to go live, refer to the [Production access](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/production/accessing-prod-data/index.md) section to learn how to get access to production data.

For step-by-step guides, refer to [Tutorials and Guides](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/tutorials/index.md).

#### Onboard your First Account {#onboard-your-first-account}

### Step 1 {#step-1}

Find your `Client ID` and `Client Secret`. These are located within your app(s), located on the [Apps page](https://devportal.openbanking.mastercard.com/apps).

Now it is time to connect your first user. In this example, the user is asked to share accounts and transaction data with you, as indicated by the requested [scope](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/connect/scopes/index.md).

```shell
curl -G \
  https://api-sandbox.aiia.eu/v1/oauth/connect \
  -d client_id=<CLIENT_ID> \
  -d redirect_uri=<REDIRECT_URL> \
  -d scope="payments:inbound payments:outbound" \
  -d response_type=code
```

The `redirect_uri` is where the user is redirected after finishing the log-in flow. This needs to match one of the redirects specified when you created your application on the [Developer Portal](https://devportal.openbanking.mastercard.com/). For more details on how to onboard users and the functionality you can request, refer to [Connect Flow](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/connect/connect-flow/index.md) and [Scopes](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/connect/scopes/index.md).
Note: Connect flow is similar to OAuth flow, which you might be familiar with. Consent is required to access your end users' transaction data. We also need an additional consent to pass that data on to you.

The response will be a `302 (Found or Moved Temporarily)` that you need to follow in order to redirect the user. Look in the location header to figure out where to redirect the user.

```HTTP
Location=https://api.aiia.eu/v1/oauth/connect?client_id=%3Cstring%3E&redirect_uri=%3Cstring%3E&response_type=%3Cstring%3E
```

##### Step 2 - Register users {#step-2---register-users}

After navigating the user to the connect URL, the user signs up with Aiia Pay and connects their accounts. This consists of the following steps:

1. Enter your email address.
2. Enter the verification code from the email received.
3. Accept consent if presented.
4. Log in to `Test bank with data #1 DKK`. It accepts any username and any numeric password.
5. Choose one or more accounts.
6. Accept consent to pass data on to your app.

![Login flow](https://static.developer.mastercard.com/content/open-finance-europe/uploads/authentication-intro.png)

After completing the flow, the user will be redirected back to the provided `redirect_uri` with a `code` that you will use in the next step.

Here is an example of what a `redirect_uri` looks like:

    https://httpbin.org/anything?code=ygAAAAVDaXBoZXJ0ZXh0AJAAAAAAoy734oFjfPFDa9TmOtOAYwcTMKcWZ2782qTQEnjFtW1FsEjone0S6UrXUnD87WrEvidMfCleZgm6K3ysf0eG9hwjylyqUzehya7SIssvR9QwUjtXHCSDPUQV8mYbubbIUGOacfSjqe%2Fnkeop4N37k786234wDrBwW1zJeFZb4af6Ljk7wuzmIR5DzYlutM66vsqCMmNBUl2ABAAAAAAuhPflJ4fuLP45FJmAp4FkBBLZXlJ7923AAAAAAAA%3D%3D

Take note of the `code`, as It is used in the next step to get session and login tokens.
Note: An array of [test banks](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/testing/test-providers/index.md) are available to test different configurations.

#### Step 3 -- Exchange the code for tokens {#step-3--exchange-the-code-for-tokens}

Use the `code` from Step 2 to get an access token for the user. Note that the `code` may be URL encoded if you received it in your browser. Therefore, you must remember to decode it if you are walking through this guide step-by-step.

Remember to use the `redirect_uri` added when the app was created:

```shell
curl -D- -X POST https://api-sandbox.aiia.eu/v1/oauth/token \
  -u <CLIENT_ID>:<CLIENT_SECRET> \
  -H 'Content-Type: application/json' \
  -d '{
        "grant_type" : "authorization_code",
        "code": "<CODE>",
        "redirect_uri" : "<REDIRECT_URL>"
      }'
```

Note: A `code` can only be used once and expires after one minute.

The response contains two tokens: `access_token` and `refresh_token`. This is an example of a successful response:

```json
{
  "access_token": "eyJhbGciOiJIUzI1Ni978juanR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJmYTE4OTI3MS1mOTY1LTRmNWMtOTlmOS1lNDViNzNiYzI4MzkiLCJjbGllbnRJZCI6InZpaWEtZnBwIiwicm9sZSI6IkNsaWVudFVzZXIiLCJzZ67623aW9uSWQiOiJlZmE1NWU0ZS0xZTUxLTQ1YWMtYWEyYy01OThhNjFjMTZlOTYiLCJuYmYiOjE1Njc0MTQxNzMsImV4cCI6MTU2NzQxNzc3MywiaWF0IjoxNTY3NDE0MTczfQ.7QD6zGcdonYy79384buXOqsykWrbWa3L6LW4d9uzb-zA",
  "expires_in": 3600,
  "redirect_uri": "https://httpbin.org/anything",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI687234pXVCJ9.eyJ1c2VySWQiOiJmYTE4OTI3MS1mOTY1LTRmNWMtOTlmOS1lNDViNzNiYzI4MzkiLCJjbGllbnRJZCI6InZpaWEtZnBwIiwiY29uc2VudElkIjoiYTYyODExYWYtNzUxMS00ZWQ0LoyiauasiYTEtMjAwNzc2NGQ1MTIwIiwic2Vzc2lvbklkIjoiZWZhNTVlNGUtMWU1MS00NWFjLWFhMmMtNTk4YTYxYzE2ZTk2Iiwicm9sZSI6IlJlZnJlc2hUb2tlbiIsIm5iZiI6MTU2NzQxNDE3MywiZXhwIjoxNTY4NjIzNzczLCJpYXQiOjE1Njc0MTQxNzN9.5-x0NNg5lMxPnZRYtu983764q0sbPcSb7U9b23e3Zwx0Ss9I",
  "token_type": "bearer"
}
```

Take note of the `access_token`. It is used in the next step to get a list of all the accounts that the end user has provided access to.

#### Step 4 -- Access accounts {#step-4-access-accounts}

The user's account data can be accessed using the `accessToken`.

Here is an example of how to fetch the user's accounts:

```shell
curl -D- -X GET https://api-sandbox.aiia.eu/v1/accounts \
  -H 'Authorization: Bearer <ACCESS_TOKEN>' 
```

This endpoint produces a response that contains an overview of the user's accounts.

```json
{
  "accounts": [
    {
        "accountProvider": {
            "id": "TestDataBank1",
            "name": "Test bank with data #1 DKK"
        },
        "available": null,
        "availableBalance": null,
        "booked": {
            "currency": "DKK",
            "value": 6439.15
        },
        "bookedBalance": 6439.15,
        "currency": "DKK",
        "destinationId": "8002b79a-37f9-4da3-8f60-93ddd573",
        "id": "ZmExODkyNzEtZjk2NS00ZjVjLTk5ZjktZTQ1YjczYmMyODM5fFRlc3REYXRhQmFuazF6823DZ0NFBrOXVORGdpejdKQ0tjSzN2aXM5ZFIzd0gzLWhSNWJhY21nSEZCdy4x",
        "lastSynchronized": "2019-09-02T08:52:16.5816944Z",
        "nagApiAccountId": "T6t4Pk9uNDgiz7JCKcK3vis9dR3wH3-hR5bacmgHFBw.1",
        "name": "Direct Debit",
        "number": {
            "bban": "0001-245787654",
            "bbanParsed": {
                "accountNumber": "245787654",
                "bankCode": "0001"
            },
            "bbanType": "0001-245787654",
            "card": null,
            "iban": null
        },
        "owner": "Christian Thomsen",
        "type": "Consumption"
    },
    ...
}
```

Now that you have onboarded your accounts, you are able to retrieve your `destinationId`. This ID is essential to receive inbound payments as a merchant, and to create payment links.

### What Next? {#what-next}

Once you have connected an account, you can explore the functionality the API offers:

* [Payments](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/index.md) -- Discover our payment products and learn how to get started.
* [Event notifications](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/event-notifications/index.md) -- Explore how you can start receiving notifications. A real-time experience is provided through notification of any changes. Notifications can be used for accounts, transactions and payments.
* [API Reference](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/api-references/index.md) -- Explore our API reference to review the capabilities our API exposes to you.
* Refer to our [Postman](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/testing/postman/index.md) where you can run the API collection to facilitate testing.
* [Sample projects](https://developer.mastercard.com/open-finance-europe/documentation/unlicensed/aiia-pay/sample-project/index.md) -- Several sample applications are available to view available capabilities.