Acquire service account token

To acquire a new API token with OAuth 2.0, you need four pieces of information from the Tango portal—the client ID, client secret, service account username, and service account password. Once you have the above information, use thePOST {URI}/oauth/token endpoint (at least once every 24 hours) to acquire a new token.

See how to get the client ID, client secret, username, and password: Use OAuth for secure connection.

📘

Note:

  • You can get unlimited tokens. There's no restrictions in the number of tokens.
  • An access token can only be used for 24 hours once created. Fetch a new token at least once every 24 hours to authenticate calls. New tokens can be generated using the same client credentials and service accounts, or the updated credentials.

Use the following endpoint to request a new OAuth token:

EndpointDescription
POST {URI}/oauth/tokenTo acquire a new oauth token.

The following parameters can be used in your request:

Form DataData typeRequirementDescription
client_idstringrequiredThe client_id is a variable referring to the Client ID field value generated in the Tango portal under OAuth client credentials.
client_secretstringrequiredThe client_secret is a variable referring to the Client Secret field value generated in the Tango portal under OAuth client credentials.
usernamestringrequiredThe Service Account username created in the Tango portal under OAuth Service Accounts.
passwordstringrequiredThe Service Account password created in the Tango portal under OAuth Service Accounts.
scopestringrequiredList of space-separated OAuth scopes, static, the value is always raas.all.
audiencestringrequiredAudience for the token, static, the value is always https://api.tangocard.com/.
grant_typestringrequiredType of the OAuth flow in progress, static, the value is always password.

The following headers are used in your request:

HeadersRequirementData type
Content-typeoptionalstring
Acceptoptionalstring

Here's an example of the above parameters in the code:

curl --request POST \
    --url https://sandbox-auth.tangocard.com/oauth/token \
    --header ‘Accept: application/json’ \
    --header ‘Content-Type: application/x-www-form-urlencoded’ \
    --data client_id= string \
    --data client_secret=string\
    --data username=string \
    --data ’password=string \
    --data scope=raas.all \
    --data audience=https://api.tangocard.com/ \
    --data grant_type=password

Here's an example of the returned payload:

{
  "access_token": "<string>",
  "scope": "<string>",
  "expires_in": "<integer>",
  "token_type": "Bearer"
}

The response message for this endpoint is. For details, see i18nkey codes and their error messages:

  • 200 OK
  • 400 Bad Request
  • 401 Unauthorized

© 2025 Tango API are provided by Tango, a division of BHN, Inc.