Acquire service account token
To acquire a new API token with OAuth 2.0, you need four pieces of information from the Tango portal—the client ID, client secret, service account username, and service account password. Once you have the above information, use thePOST {URI}/oauth/token endpoint (at least once every 24 hours) to acquire a new token.
See how to get the client ID, client secret, username, and password: Use OAuth for secure connection.
Note:
- You can get unlimited tokens. There's no restrictions in the number of tokens.
- An access token can only be used for 24 hours once created. Fetch a new token at least once every 24 hours to authenticate calls. New tokens can be generated using the same client credentials and service accounts, or the updated credentials.
Use the following endpoint to request a new OAuth token:
| Endpoint | Description |
|---|---|
POST {URI}/oauth/token | To acquire a new oauth token. |
The following parameters can be used in your request:
| Form Data | Data type | Requirement | Description |
|---|---|---|---|
| client_id | string | required | The client_id is a variable referring to the Client ID field value generated in the Tango portal under OAuth client credentials. |
| client_secret | string | required | The client_secret is a variable referring to the Client Secret field value generated in the Tango portal under OAuth client credentials. |
| username | string | required | The Service Account username created in the Tango portal under OAuth Service Accounts. |
| password | string | required | The Service Account password created in the Tango portal under OAuth Service Accounts. |
| scope | string | required | List of space-separated OAuth scopes, static, the value is always raas.all. |
| audience | string | required | Audience for the token, static, the value is always https://api.tangocard.com/. |
| grant_type | string | required | Type of the OAuth flow in progress, static, the value is always password. |
The following headers are used in your request:
| Headers | Requirement | Data type |
|---|---|---|
| Content-type | optional | string |
| Accept | optional | string |
Here's an example of the above parameters in the code:
curl --request POST \
--url https://sandbox-auth.tangocard.com/oauth/token \
--header ‘Accept: application/json’ \
--header ‘Content-Type: application/x-www-form-urlencoded’ \
--data client_id= string \
--data client_secret=string\
--data username=string \
--data ’password=string \
--data scope=raas.all \
--data audience=https://api.tangocard.com/ \
--data grant_type=password
Here's an example of the returned payload:
{
"access_token": "<string>",
"scope": "<string>",
"expires_in": "<integer>",
"token_type": "Bearer"
}
The response message for this endpoint is. For details, see i18nkey codes and their error messages:
- 200 OK
- 400 Bad Request
- 401 Unauthorized
Updated 6 days ago