API Authentication

Generate API Credentials and an Access Token

Overview

This guide details the steps required to make an authenticated call against the Open Finance API.

  1. Generate API Credentials: the client_id and client_secret assigned to your Application, which can be exchanged for an Access Token.
  2. Obtain an Access Token: the token provided by Tapico's /oauth/token endpoint. We use JWTs for our tokens. You will provide this in the Authorization header to access the Tapico API.

This process is the same for all of the services available through the Tapico Open Finance API.


OpenAPI 3.0 Specification

Download our OpenAPI 3.0 Specification in YAML or JSON format


Generating API Credentials

  1. Navigate to Application → Basic Details for your Application.
  2. On the Basic Details page select Create under API Credentials.
  3. Make a note of your client_id and client_secret.


IMPORTANT

You cannot retrieve the secret after the initial creation. If you lose the secret you must revoke credentials and create a new set.


Obtain an Access Token

With the API Credentials (the client_id and client_secret assigned to your Application) in hand, you're ready to connect to our API. Our API is secured via Bearer Authentication, and all endpoints which deal with user data require an OAuth 2.0 Access Token, issued by Tapico's /oauth/token endpoint, in order to access them.

You can obtain an access token via the client credentials flow by making a POST request to the /oauth/token endpoint like so:

curl -X POST https://sandbox.tapico.io/api/v1/oauth/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'region: EU' \
  -d 'grant_type=client_credentials&scope=https://tapico.io/open-wealth&client_id={client_id}&client_secret={client_secret}'


Regions

Access tokens are region-specific and can only be used for the particular region for which they are requested. This is specified by the region header in the OAuth token request.

For more information on regions click here.

The response contains the access token; include it as an Authorization: Bearer {token} header when making further requests to the Open Finance API, for example:

{
  "access_token": "eyJhbG...EQoLYw",
  "expires_in": 600,
  "token_type": "Bearer",
  "scope": "https://tapico.io/open-wealth"
}

Authorization: Bearer {{access_token}}


Access Token Expiry

The access tokens are designed to be short lived and only last for ten minutes, after which you will need to request a new one.
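A small client that puts the steps above together, added here as an example and not Tapico's own code: it sends the client_credentials POST shown above with the region header, caches the returned token, and renews it before the ten-minute lifetime runs out. The TokenClient and function names, the 60-second refresh margin and the sample credentials in the comments are assumptions; the endpoint, headers, form fields and response shape are those on the page.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://sandbox.tapico.io/api/v1/oauth/token"   # from the page
SCOPE = "https://tapico.io/open-wealth"                      # from the page
REFRESH_MARGIN = 60  # assumed: renew this many seconds before expires_in runs out


def build_token_request(client_id, client_secret, region="EU"):
    """Return (url, headers, body) for the client_credentials POST shown above."""
    body = urllib.parse.urlencode({          # urlencode percent-encodes the scope URL;
        "grant_type": "client_credentials",  # the server decodes it to the same value
        "scope": SCOPE,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    headers = {"content-type": "application/x-www-form-urlencoded", "region": region}
    return TOKEN_URL, headers, body


def http_post(url, headers, body):
    """Default transport: real HTTPS POST, returns the decoded JSON response."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


class TokenClient:
    """Caches one access token per region and renews it before it expires."""
    def __init__(self, client_id, client_secret, post=http_post, clock=time.monotonic):
        self._id, self._secret, self._post, self._clock = client_id, client_secret, post, clock
        self._cache = {}  # region -> (access_token, absolute expiry time)

    def access_token(self, region="EU"):
        cached = self._cache.get(region)
        if cached and self._clock() < cached[1] - REFRESH_MARGIN:
            return cached[0]  # still comfortably inside the ten-minute lifetime
        url, headers, body = build_token_request(self._id, self._secret, region)
        resp = self._post(url, headers, body)
        if resp.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
        self._cache[region] = (resp["access_token"], self._clock() + int(resp["expires_in"]))
        return resp["access_token"]

    def auth_header(self, region="EU"):
        """The Authorization header to attach to further Open Finance API requests."""
        return {"Authorization": "Bearer " + self.access_token(region)}
```

Pass a fake `post` callable (as the test does) to exercise the caching and renewal logic offline; with the defaults it performs the real request against the sandbox.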


Consent Journeys

All of Tapico's services (access to personal financial data and payment initiation) rely on having the consent of the End-User: your application's user, and ultimately the person that has given consent to access account information from accounts they are permissioned to and that are held by an account servicer. The consent journey flow can differ slightly depending on your use case.

  1. If your Application is integrating to be a part of a Tapico Partner App Store, you should implement: Short Consent Journey.
  2. If your Application is calling the Open Finance API directly for any other use case, you should implement: Long Consent Journey.
  3. If your Application is integrated with TapiPay, you will need to implement the payment consent flow: Initiate a Payment.

What’s Next

Once you have achieved the following:

☑ Created an Application
☑ Subscribed to the Open Wealth Service Pack
☑ Have at least one Account Servicer Link approved
☑ Understand how to authenticate with the Tapico API

You are ready to start using the services on offer:
