Authenticate with Tango API

To take advantage of our Tango API resources, you first need to establish a secure connection to our API. To do so, you need to retrieve the client credentials via the Tango portal. See how you can Sign in to our Tango portal or set up an account .

You have two options when it comes to authentication with the Tango API:

• Open Authentication (OAuth) (recommended)
• Basic Authentication

Obtain the necessary credentials for either Basic or Open Authentication by going to the Tango portal. For Open Authentication, you must use the client credentials to acquire a token and call the Tango API to further take advantage of our great API endpoints.

We recommend OAuth authentication for the following reasons:

• Is the industry standard
• Provides the most secure connection
• Provides the ability to rotate credentials with no downtime

Authenticate with Tango API via OAuth (recommended)

OAuth client credentials settings in the Tango portal allow you to generate the client ID and a client secret. The active credentials are then used to acquire a Tango access token by calling the Tango API token endpoints. This token is used to call Tango API endpoints.

📘

Note:

• You are expected to manage your own client credentials using the Tango portal. Client credentials do not expire.
• The OAuth tokens are generated from client credentials and expire in 24 hours (86400 seconds).
• You can acquire a new token by reissuing the POST {URI}/oauth/token request using your client credentials.
• You are limited to requesting one token every 24 hours.

You can authenticate with Tango API using OAuth in three easy steps:

Step 1: Get client ID and secret from Tango

1. Log in to the Tango portal.
2. Navigate to Team settings on the left menu.

3. Go to the OAuth client credentials.

4. Click Manage .

5. Click Generate Client Credentials to generate the Client ID and Client Secret.

   📘

   Note:

   You can generate up to two credentials at a given time and deactivate a credential if it is no longer required. It provides an option for you to rotate credentials when needed. For security reasons, you are encouraged to rotate your credentials periodically.

6. Check out Audit Log to view the history of activities in managing the credentials, and for audit purposes.

Step 2: Acquire a token

Use the client ID and client secret you have generated in the Tango portal and send a request to {URI}/oauth/token.

📘

Note:

The following URLs links take you to the /token endpoint:

• Sandbox: https://sandbox-auth.tangocard.com/oauth/token
• Production: https://auth.tangocard.com/oauth/token

We recommend trying the Tango API test console first. Follow the instructions below:

To acquire a token:

1. Go to the Tango API test console.
2. Use the Client ID and Client Secret you generated in the Tango portal.
3. Send a POST request to the {URI}/oauth/token endpoint replacing YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your client credentials.

See the example request below:

curl --request POST \
  --url 'https://sandbox-auth.tangocard.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=YOUR_CLIENT_ID' \
  --data 'client_secret=YOUR_CLIENT_SECRET' \
  --data 'audience=https://api.tangocard.com/'
  --data 'scope=raas.all'

4. Get the OAuth token from the above API call. The response is in JSON format and is presented under the field named access token.

See an example response below:

{
"access_token": "eyJhdgskjgfdspoeufeopfu",
"expires_in": 2592000,
"token_type": "Bearer"
}

5. Save the token in your database.

📘

Note:

Tango API token can be refreshed at most once a day. As a best practice, we recommend you to save the token and utilize it until it expires in 24 hours.

See the example request below:

curl --request POST \
     --url https://sandbox-auth.tangocard.com/oauth/token \
     --header 'accept: application/json' \
     --header 'content-type: application/x-www-form-urlencoded' \
     --data client_id=YYYYYYYYYYYYYYYYYYYYYYYY \
     --data scope=raas.all \
     --data audience=https://api.tangocard.com/ \
     --data grant_type=client_credentials \
     --data client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Here are a couple of examples of response payload you may receive:

{
  "access_token": "string",
  "scope": "string",
  "expires_in": 0, (in seconds)
  "token_type": "Bearer"
}

or

{
  "access_token": "XXXXXXX.YYYYYYYYYYYYYYYYYYYYYYYYYYYYY-ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.ZZZZZZZZZZZZzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzz",
  "scope": "raas.all",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Step 3: Call Tango API

Use the token retrieved above to make Tango API calls such as getting a list of customers, get details of accounts, etc. See an example request below:

curl \
    --header "Accept: application/json" \
    --header "Authorization: Bearer YOUR_TOKEN_HERE" \
    https://integration-api.tangocard.com/raas/v2/customers

In the Test Console

1. In the Tango API test console, navigate to a Tango API you want to test such as Customers.
2. Change Basic to Bearer under AUTHENTICATION.
3. Enter your token.
4. Click Try it and check the response.

Authenticate with Tango API via Basic authentication

Basic client credentials settings in the Tango portal allow you to generate the API key. The active API key and platform name are used in authentication with the Tango APIs.

Step 1: Get client ID and secret from Tango

1. Log in to the Tango portal. Refer to our help article for login questions.
2. Navigate to Team settings on the left menu.

3. Go to API keys and click Manage.

4. Click Generate API Key to create you API key.
5. To make the key visible, click the eye icon next to your Active key.
6. To Copy, hover with your mouse on top of the API Key and click.

Step 2. Call the Tango API

Use the platform name and API key to call the Tango API

OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://integration-api.tangocard.com/raas/v2/customers")
  .get()
  .addHeader("accept", "application/json")
  .addHeader("authorization", "Basic YOUR_API_KEY")
  .build();

Response response = client.newCall(request).execute();

In the Test Console

1. In the Tango API test console, navigate to a Tango API you want to test such as Customers.
2. Select Basic under AUTHENTICATION.

1. Enter your platform name for the username, and enter your API key for the password.
2. Click Try it and check the response.

For questions and more information, email us at [email protected].