Authenticate
OAuth 2.0 is a popular protocol for authorization. This controls entry to our system and ensures that only authorized entities can access our APIs and other protected resources. The information you enter into our authentication system is confidential and can never be accessed from any other Cross River applications.

Access Cross River APIs

Our system authenticates machine clients and authorizes them to talk to our APIs.

Authenticate your identity

The Cross River integration team provides you with a client ID and a client secret that you use when requesting an access token. You can use a web-based tool, like Postman, to send API requests.

HTTP request components

| HTTP component | Attribute | Description |
| --- | --- | --- |
| Endpoint | POST /connect/token | Endpoint for retrieving an access token. |
| Header | Content-Type | application/x-www-form-urlencoded |
| Body | grant_type | This field will always have a value of client_credentials. |
| Body | client_id | The unique identifier for a client. |
| Body | client_secret | An encrypted string of characters used to sign and validate ID tokens. Important: Don't commit your secrets into source control. Secrets aren't recoverable by CR. If you lose a secret, a new one must be generated. |
| Body | scope | A specific range or a limited set of services that a user can access with an access token. If the required scope is missing, the subsequent API call will be returned as forbidden (403). If a scope isn't specified, the token returned will contain all scopes associated with your credentials. Note: Multiple scopes can be sent in the same request by adding a space between the name of each scope. For example: 'scope=scope1 scope2 scope3' |

Sample call for an access token in curl

```
curl --location --request POST 'https://oauthtest.crbnj.net/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=[your id here]' \
  --data-urlencode 'client_secret=[your secret here]' \
  --data-urlencode 'audience=https://api.crbcos.com/'
```

[Figure: Sample call for an access token in Postman]

Successful authentication and access token returned

When you've successfully authenticated, an access token will be returned to you. This access token allows you to send information securely as a JSON object for use in our APIs. Add this token to the header of your API calls.

Important: Make sure to protect your token. Don't log it. Anyone who steals your token can impersonate your client for the lifetime of the token.

Response attributes

| Attribute | Description |
| --- | --- |
| access_token | A digitally signed JSON web token (JWT) sent from the OAuth server that allows access to specific Cross River resources. |
| scope | A range of services that a user can access. |
| expires_in | The amount of time until the token expires. Our integration team will inform you of the expiration time or you can decode your encrypted access token as well. We recommend that you retrieve a new access token a short time before the old token is set to expire. Reuse tokens for their entire lifespan rather than get a new token for each call to the same protected resource (API). Important: Make sure to never decode your token on a publicly hosted website. |
| token_type | Bearer token |

[Figure: Sample Postman access token return]

If the authentication is successful, the status code is OK.

URLs for our sandbox and production environments

Sandbox URL: https://oauthtest.crbnj.net/connect/token
Production URL: https://oauth.crbnj.net/connect/token

Troubleshooting

You can test the authorization and authentication into our systems with this endpoint: GET /api/signupcard/testoauth

- If the authentication token is valid, it will return a 200.
- If the authentication token isn't valid, it will return a 401.

If you can't get a bearer token and you haven't received one in the past:

- Confirm the URL.
- Check that the client ID and client secret are typed correctly. They are case sensitive.
- Check your client ID and client secret against the one you received.
- Make sure there are no network or allowlist issues.
- Contact our integration team if your account is locked as a result of 3 incorrect log in attempts.
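
A client that follows the token guidance above (reuse one token for its lifetime, renew shortly before expiry, keep the secret out of source control and the token out of logs), as an added example that is not Cross River's own code. The environment variable names, the 60-second renewal margin and the injectable `send` and `clock` parameters are assumptions; `jwt_claims` reads claims such as `exp` locally instead of on a hosted decoder site.

```python
import base64, json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://oauthtest.crbnj.net/connect/token"  # sandbox URL from this page
REFRESH_SKEW = 60  # assumption: renew this many seconds before expiry

def post_form(url, fields):
    """POST form-encoded fields and return the parsed JSON response."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def jwt_claims(token):
    """Read a JWT's claims locally (no signature check), e.g. to inspect exp."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

class TokenCache:
    """Client-credentials token holder: one token reused until shortly before expiry."""

    def __init__(self, client_id, client_secret, scope=None,
                 send=post_form, clock=time.time):
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        if scope:
            self._fields["scope"] = scope  # space-separated, e.g. "scope1 scope2"
        self._send, self._clock = send, clock
        self._token, self._expires_at = None, 0.0

    @classmethod
    def from_env(cls, **kw):
        # Hypothetical variable names; keeps the secret out of source control.
        return cls(os.environ["CR_CLIENT_ID"], os.environ["CR_CLIENT_SECRET"], **kw)

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - REFRESH_SKEW:
            body = self._send(TOKEN_URL, self._fields)
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

    def __repr__(self):
        # Never expose the secret or the token if this object ends up in a log line.
        return f"<TokenCache client_id={self._fields['client_id']!r} token=<redacted>>"
```

`TokenCache.from_env().auth_header()` returns the header to attach to each API call; only the first call and calls made inside the renewal margin contact the token endpoint.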