Access Tokens

About access tokens

An access token is a small piece of code that contains some information. These tokens are used as credentials to perform authorized actions wherever authorization is required (some APIs or routes may be used by the public without authorization).

An access token may look like the following:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Notice that the token has 2 dots, which separate it into 3 pieces.
The 2nd piece contains the information loaded into the token.

For the example above, the "informative" piece contains this data:

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
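The decoding described above, as an added example that is not part of the Open Finance API or its code: it splits the sample token on its two dots and base64url-decodes the first two pieces. The function and constant names are assumptions; note that no secret is needed to read the data, and that decoding does not check the signature.

```python
import base64
import binascii
import json

# The sample token shown above on this page.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
)


def _b64url_decode(segment: str) -> bytes:
    """Decode base64url, restoring the '=' padding that tokens strip."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def decode_token_unverified(token: str) -> dict:
    """Split a token on its two dots and decode the first two pieces.

    Nothing here checks the signature, so the result shows what the token
    claims, not that the claims are genuine. (Hypothetical helper name.)
    """
    pieces = token.split(".")
    if len(pieces) != 3 or not all(pieces):
        raise ValueError("expected three non-empty pieces separated by dots")
    try:
        header = json.loads(_b64url_decode(pieces[0]))
        payload = json.loads(_b64url_decode(pieces[1]))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("piece is not base64url-encoded JSON") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    # The 3rd piece is the signature; only the token issuer can validate it.
    return {"header": header, "payload": payload, "signature": pieces[2]}


if __name__ == "__main__":
    print(json.dumps(decode_token_unverified(SAMPLE_TOKEN), indent=2))
```

Because anyone holding a token can read its 2nd piece this way, treat the whole token as a credential and keep it out of logs and URLs.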

Why do I need an access token for the Open Finance API?

For all of the reasons mentioned above: we have protected our API and data so that only those authorized can access that data, and the data accessible is unique to the token holder.
This means company A cannot access data that belongs to company B, and vice versa.

How do I get an access token for the Open Finance API?

If you follow this API reference, you'll be able to generate a time-limited access token (it will expire over time, and you'll then need to retrieve a new token).

You can fetch the clientId and clientSecret from the dashboard's getting started page (https://dashboard.open-finance.ai).

  • The userId is unique to the user, whilst clientId is the same for all your users, because you are the client.
  • The clientSecret should NOT be seen by the public! This puts your organization at risk of a data leak.