To access our APIs, you’ll first need to complete the onboarding process and receive your authentication credentials. Contact the Banked Customer Success team at support@banked.com. In the onboarding flow you will be asked to choose either Basic or OAuth2 authentication for the integration.
Basic Authentication
If you choose Basic Authentication, a set of credentials will be shared with you.
All API requests require the following header fields:
- Authorization: Basic base64(key:secret) - The Base64-encoded string key:secret.
- Idempotency-Key (recommended for all non-GET requests): uuid - An idempotency key unique for that request.
OAuth2 Authentication
If you choose OAuth2 Authentication, we will share with you:
- a set of credentials that will be used to generate tokens
- a list of allowed scopes that represent Business Application IDs (see Account Structures for more information)
Use the /token endpoint to generate OAuth tokens.
Tokens expire after 2 hours, so you must rotate your tokens frequently to ensure application security.
Generating an OAuth token
To generate OAuth tokens, create an Authorization header by concatenating your API key and secret key with a colon as a separator, and then base64 encode the resulting string: Authorization: Basic base64(APIkey:secretKey).
The example below shows a scoped token request with the application ID in the data-urlencode field:
curl --location --request POST 'https://api.banked.com/oauth/token' \
  --header 'Authorization: Basic base64(key:secret)' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=APPLICATION_ID'
The example below shows the format of the token response:
{
  "access_token": "YOUR_TOKEN",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "APPLICATION_ID",
  "created_at": 1615831274
}
You can now use the OAuth token from the access_token field to authenticate your API requests. To authenticate your requests, include HTTP headers as shown below:
- Authorization: Bearer YOUR_TOKEN - The access_token you retrieved in the previous step.
- Idempotency-Key (recommended for all non-GET requests): uuid - An idempotency key unique for that request.
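The token flow above as an added Python example (not code from the Banked documentation): it requests a client_credentials token, caches it, renews it shortly before the 2-hour expiry, and builds the Bearer and Idempotency-Key headers. TokenCache, its parameters and the 60-second renewal margin are assumptions made for illustration.

```python
import base64, json, time, uuid
import urllib.parse, urllib.request

TOKEN_URL = "https://api.banked.com/oauth/token"  # URL from the curl example above

def basic_header(key, secret):
    """Authorization value for the token request: Basic base64(key:secret)."""
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()

def http_post(url, headers, body):
    """Real transport (stdlib); tests inject a fake one instead."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: holds one token, renews it `skew` seconds early."""

    def __init__(self, key, secret, scope, post=http_post, now=time.time, skew=60):
        self.auth = basic_header(key, secret)
        self.scope, self.post, self.now, self.skew = scope, post, now, skew
        self.value, self.expires_at = None, 0.0

    def token(self):
        if self.value is None or self.now() >= self.expires_at - self.skew:
            form = {"grant_type": "client_credentials", "scope": self.scope}
            resp = self.post(TOKEN_URL, {
                "Authorization": self.auth,
                "Content-Type": "application/x-www-form-urlencoded",
            }, urllib.parse.urlencode(form).encode())
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            # Expiry is measured on the local clock from expires_in (7200 s in the sample).
            self.expires_at = self.now() + float(resp["expires_in"])
            self.value = resp["access_token"]
        return self.value

    def headers(self, method, idempotency_key=None):
        """Headers for an API call; non-GET requests get an Idempotency-Key."""
        out = {"Authorization": "Bearer " + self.token()}
        if method.upper() != "GET":
            # Assumption: a caller retrying the same request passes its earlier key back in.
            out["Idempotency-Key"] = idempotency_key or str(uuid.uuid4())
        return out
```

Keep the key and secret out of source control and logs; only the short-lived access token needs to travel with each API request.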