API Authentication
Generate API Credentials and an Access Token
Overview
This guide details the steps required to make an authenticated call against the Open Finance API.
- Generate API Credentials
- Obtain an Access Token
This process is the same for all of the services available through the Tapico Open Finance API.
OpenAPI 3.0 Specification
Download our OpenAPI 3.0 Specification in YAML or JSON format
Generating API Credentials
- Navigate to Application → Basic Details for your Application.
- On the Basic Details page select Create under API Credentials.
- Make a note of your client_id and client_secret.

IMPORTANT
You cannot retrieve the secret after the initial creation. If you lose the secret you must revoke credentials and create a new set.
Obtain an Access Token
With the API Credentials in hand you're ready to connect to our API. Our API is secured via Bearer Authentication and all endpoints which deal with user data require an OAuth 2.0 Access Token to access.
You can obtain an access token via the client credentials flow by making a POST request to the /oauth/token endpoint like so:
curl -X POST https://sandbox.tapico.io/api/v1/oauth/token \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'region: EU' \
-d 'grant_type=client_credentials&scope=https://tapico.io/open-wealth&client_id={client_id}&client_secret={client_secret}'
Regions
Access tokens are region-specific and can only be used for the particular region for which they are requested. This is specified by the region header in the OAuth token request. For more information on regions click here.
The response contains the access token. Include it as an Authorization: Bearer {token} header when making further requests to the Open Finance API, for example:
{
"access_token": "eyJhbG...EQoLYw",
"expires_in": 600,
"token_type": "Bearer",
"scope": "https://tapico.io/open-wealth"
}
Authorization: Bearer {{access_token}}
Access Token Expiry
The access tokens are designed to be short lived and only last for ten minutes, after which you will need to request a new one.
Consent Journeys
All of Tapico's services (access to personal financial data and payment initiation) rely on having the consent of the End-User. The consent journey flow can differ slightly depending on your use case.
- If your Application is integrating to be a part of a Tapico Partner App Store you should implement: Short Consent Journey.
- If your Application is calling the Open Finance API directly for any other use case, you should implement: Long Consent Journey.
- If your Application is integrated with TapiPay you will need to implement the payment consent flow: Initiate a Payment.
Updated about 1 year ago
Once you have achieved the following:
- Created an Application
- Subscribed to the Open Wealth Service Pack
- Have at least one Account Servicer Link approved
- Understand how to authenticate with the Tapico API
You are ready to start using the services on offer: