Acquire service account token
To acquire a new API token with OAuth 2.0, you need four pieces of information from the Tango portal—the client ID, client secret, service account username, and service account password. Once you have the above information, use thePOST {URI}/oauth/token endpoint (limited to 100 TPS) at least once every TTL period to acquire a new token.
See how to get the client ID, client secret, username, and password: Use OAuth for secure connection.
Note:
- You are limited to 100 TPS on the token generation endpoint. There's no restrictions in the number of tokens other than the TPS limit.
- A token can either have a Time-to-Live (TTL) of either 24 hours (86,400 seconds) or 5 mins (300 seconds), and is determimed by the
audienceyou select at the time of token creation.- An access token can only be used for the TTL period once created. Create a new token at least once every TTL period to authenticate calls. New tokens can be generated using the same client credentials and service accounts, or the updated credentials.
Use the following endpoint to request a new OAuth token:
| Endpoint | Description |
|---|---|
POST {URI}/oauth/token | To acquire a new oauth token. |
The following parameters are used when requesting an OAuth token from Tango. This token is required before calling any protected Tango APIs:
Form Data | Data type | Requirement | Description |
|---|---|---|---|
client_id | string | required | The client_id is a variable referring to the Client ID field value generated in the Tango portal under OAuth client credentials. |
client_secret | string | required | The client_secret is a variable referring to the Client Secret field value generated in the Tango portal under OAuth client credentials. |
username | string | required | The Service Account username created in the Tango portal under OAuth Service Accounts. |
password | string | required | The Service Account password created in the Tango portal under OAuth Service Accounts. |
scope | string | required | List of space-separated OAuth scopes, static, the value is always |
audience | string | required | Audience for the token:
|
grant_type | string | required | Type of the OAuth flow in progress, static, the value is always |
Headers provide metadata about an HTTP request, telling the server how to parse the incoming data and what format to use when returning the response. The following headers are used in your request:
| Headers | Requirement | Data type |
|---|---|---|
| Content-type | optional | string |
| Accept | optional | string |
Here's an example of the above parameters in the code to create a 24-hour token:
curl --request POST \
--url https://sandbox-auth.tangocard.com/oauth/token \
--header ‘Accept: application/json’ \
--header ‘Content-Type: application/x-www-form-urlencoded’ \
--data client_id= string \
--data client_secret=string\
--data username=string \
--data ’password=string \
--data scope=raas.all \
--data audience=https://api.tangocard.com/ \
--data grant_type=passwordHere's an example of the returned payload:
{
"access_token": "<string>",
"scope": "<string>",
"expires_in": "<integer>",
"token_type": "Bearer"
}The response message for this endpoint is. For details, see i18nkey codes and their error messages:
- 200 OK
- 400 Bad Request
- 401 Unauthorized