Quickstart
Get access token
11 min
cross river uses oauth 2 0 for authentication and authorization this controls entry to our system and ensures that only authorized entities can access our apis and other protected resources the information you enter into our authentication system is confidential and can never be accessed from any other cross river applications once you've received your get api credentials , and b efore you can use our apis, you must get an access token using the client id and client secret you received when you registered this access token allows you to send information securely as a json object for use in our apis you must include this token in the header of each api request there are several ways to request and receive an access token use command line interface (cli) with curl or any other language use postman or any other api testing tool once obtained, copy the access token to your clipboard make sure you save it command line interface to request a token send a post connect/token command containing the client id and client secret and grant type to the get access token /#auth server urls (auth server) of the appropriate sandbox, as shown in the sample below refer to the get access token /#http components for an explanation of these tags the following example uses curl to request a token from one of the auth servers sample request in curl for cos curl location request 'post https //idptest crbcos com/connect/token' \\ \ header 'content type application/x www form urlencoded' \\ \ data urlencode 'client id=\[your id here]' \\ \ data urlencode 'client secret=\[your secret here]' \\ \ data urlencode 'grant type=client credentials' \\ \ data urlencode 'audience=https //api crbcos com/' sample response from curl request { "access token" "contains many characters", \\ "expires in" 86400, \\ "token type" "bearer" } postman to request a token using postman, send a post connect/token command to the get access token /#auth server urls of the appropriate sandbox add the grant type , scope (optional) , client id and client secret to the call refer to the get access token /#http components for an explanation of these tags if the authentication is successful, the status code is 200 (ok) cos explorer in cos explorer , click the down arrow next your login and click copy access token the access token is copied to your clipboard, ready for use in the sandbox environments token request response true false 139false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type http components the following http components are used both in the api and postman requests true false 116,141false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type auth server urls true false 218,320false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type troubleshooting if the authentication token is valid, it will return a 200 if the authentication token isn't valid, it will return a 401 if you unable to get a bearer token and you haven't received one in the past confirm the url check that the client id and client secret are typed correctly they are case sensitive check your client id and client secret against the one you received make sure there are no network or allowlist issues contact our integration team if your account is locked as a result of 3 incorrect log in attempts