Authenticating against Toqio API

The authentication method described in this doc refers to the method to use Toqio's public API. If you are integrating a new financial provider into Toqio please refer to the Integration Hub API.

The authentication method to connect to our public API will be OAuth 2.0 Client Credentials Grant Type

Retrieving token

curl -X POST 'https://api.toq.io/iam/oauth/token' \
--header 'Authorization: Basic <encoded base64 username:password>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \

You will receive a response as follows

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJz...",
  "expires_in": 3599,
  "jti": "f8e4b107-26e5-494f-a59e-d008a4fdfcc4",
  "scope": "",
  "token_type": "bearer"
}

by default, the "access_token" will have an expiration time of 1h (3600 secs), but it could be customised if requested by the client and if the request is approved.

All API request must be called using the access_token received using the "Authorization" header inside each request:

Authorization: "Bearer {access_token}"