Quickstart
Get access token
Cross River uses OAuth 2.0 for authentication and authorization. This controls entry to our system and ensures that only authorized entities can access our APIs and other protected resources. The information you enter into our authentication system is confidential and can never be accessed from any other Cross River applications.

Once you've received your API credentials, and before you can use our APIs, you must get an access token using the client ID and client secret you received when you registered. This access token allows you to send information securely as a JSON object for use in our APIs. You must include this token in the header of each API request.

There are several ways to request and receive an access token:

- Use a command line interface (CLI) with curl or any other language
- Use Postman or any other API testing tool

Once obtained, copy the access token to your clipboard. Make sure you save it.

Command line interface

To request a token, send a POST /connect/token command containing the client_id, client_secret and grant_type to the auth server URL (see Auth server URLs) of the appropriate sandbox, as shown in the sample below. Refer to HTTP components for an explanation of these tags.

The following example uses curl to request a token from one of the auth servers.

Sample request in curl for COS

```
curl --location --request POST 'https://idptest.crbcos.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=[your id here]' \
--data-urlencode 'client_secret=[your secret here]' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.crbcos.com/'
```

Sample response from curl request

```
{
  "access_token": "contains many characters",
  "expires_in": 86400,
  "token_type": "bearer"
}
```

Postman

To request a token using Postman, send a POST /connect/token command to the auth server URL (see Auth server URLs) of the appropriate sandbox. Add the grant_type, scope (optional), client_id and client_secret to the call. Refer to HTTP components for an explanation of these tags.

If the authentication is successful, the status code is 200 (OK).

COS Explorer

In COS Explorer, click the down arrow next to your login and click Copy access token. The access token is copied to your clipboard, ready for use in the sandbox environments.

Token request response

| Attribute | Description |
| --- | --- |
| access_token | A digitally signed JSON Web Token (JWT) sent from the OAuth server that allows access to specific Cross River resources. |
| scope | A range of services that a user can access. |
| expires_in | The amount of time until the token expires. Our integration team will inform you of the expiration time, or you can decode your access token as well. We recommend that you retrieve a new access token a short time before the old token is set to expire. Reuse tokens for their entire lifespan rather than getting a new token for each call to the same protected resource (API). Important: Never decode your token on a publicly hosted website. |
| token_type | Bearer token. |

HTTP components

The following HTTP components are used both in the API and Postman requests.

| HTTP component | Tag | Description |
| --- | --- | --- |
| Endpoint | POST /connect/token | Endpoint for retrieving an access token. |
| Header | Content-Type | application/x-www-form-urlencoded |
| Body | client_id | The unique identifier for a client. |
| Body | client_secret | An encrypted string of characters used to sign and validate ID tokens. Important: Secrets aren't recoverable by CR. If you lose a secret, a new one must be generated. Do not commit your secrets into source control. |
| Body | grant_type | This field will always have a value of client_credentials. |
| Body | audience | Optional. A way for the user to validate if a particular access token is meant for them. |
| Body | scope | Optional. A specific range or a limited set of services that a user can access with an access token. If a scope isn't specified, the token returned will contain all scopes associated with your credentials. Note: Multiple scopes can be sent in the same request by adding a space between the name of each scope. For example: 'scope=scope1 scope2 scope3' |

Auth server URLs

| Module | Auth server URL |
| --- | --- |
| Accounts | https://idptest.crbcos.com/connect/token |
| ACH | https://idptest.crbcos.com/connect/token |
| Wires | https://idptest.crbcos.com/connect/token |
| Checks | https://idptest.crbcos.com/connect/token |
| Core | https://idptest.crbcos.com/connect/token |
| Instant payments | https://idptest.crbcos.com/connect/token |
| Card issuing | https://idptest.crbcos.com/connect/token |
| Card payments | https://crbcos-sandbox.auth0.com/oauth/token |
| Lending | https://oauthtest.crbnj.net/connect/token |

Troubleshooting

If the authentication token is valid, it will return a 200.

If the authentication token isn't valid, it will return a 401.

If you are unable to get a bearer token and you haven't received one in the past:

- Confirm the URL.
- Check that the client ID and client secret are typed correctly. They are case sensitive.
- Check your client ID and client secret against the one you received.
- Make sure there are no network or allowlist issues.

Contact our integration team if your account is locked as a result of 3 incorrect log in attempts.
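The token-handling guidance above (reuse a token for its lifespan, refresh shortly before expiry, keep secrets out of source control, decode tokens locally rather than on a public website) can be combined in a small client helper. This is an added example, not Cross River code. The environment variable names `CR_CLIENT_ID` and `CR_CLIENT_SECRET`, the 300-second refresh margin and the class and function names are assumptions, and the `Authorization: Bearer` header is the standard OAuth 2.0 bearer form.

```python
import base64, json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://idptest.crbcos.com/connect/token"  # sandbox auth server from the table above

def decode_claims(jwt_token):
    """Decode the JWT payload on your own machine. Inspection only: no signature check."""
    payload = jwt_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))

def request_token(url=TOKEN_URL):
    """POST the client_credentials grant; credentials are read from the environment."""
    body = urllib.parse.urlencode({
        "client_id": os.environ["CR_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["CR_CLIENT_SECRET"],  # assumed variable name
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuse one access token until `margin` seconds before it expires."""
    def __init__(self, fetch=request_token, margin=300, clock=time.time):
        self._fetch, self._margin, self._clock = fetch, margin, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Fetch only when there is no token yet or it is inside the refresh margin.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"])
        return self._token

    def auth_header(self):
        """Header to attach to each API request."""
        return {"Authorization": "Bearer " + self.get()}
```

`decode_claims` is for reading fields such as `exp` or `scope` from your own token; it does not validate the token and must not be used to make trust decisions.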