Documentation

Secure your connection with OAuth 2.0

Suggest Edits

You must first retrieve your client credentials for OAuth by going to the Tango portal. See how to Sign in to the Tango portal . If you don't have an account with Tango, see how to set up an account . With client credentials ready, acquire a token and call the Tango API. See how you can acquire a Tango access token

πŸ“˜

Note:

  • You are expected to manage your own client credentials using the Tango portal. Client credentials do not expire.
  • The OAuth tokens are generated from client credentials and expire in 24 hours (86400 seconds).
  • Acquire a new token by reissuing the POST {URI}/oauth/token request using your client credentials.
  • Request for new tokens are rate limited to one per 20 hours.
  • Failure to comply with rate limit will result in a 400 error message: "Client {internal client_name} {client id} has exceeded the daily rate limit".

❗️

Caution about rate limit

Use a distributed cache to store the token so that upon a restart the token can be retrieved without having to create a new token and hitting the rate limit. Only renew the token if it's been expired or within the four (4)-hour refresh window.

Step 1: Retrieve you client credentials from Tango

  1. Log in to the Tango portal.
  2. Go to Team settings on the left menu.

  1. Click Manage under OAuth client credentials.

  2. Click Generate Client Credentials to generate the Client ID and Client Secret.

πŸ“˜

Note:

You can generate up to two credentials at a given time and deactivate a credential if it's no longer required. It provides an option for you to rotate credentials when needed. For security reasons, you're encouraged to rotate your credentials periodically.

  1. Check out Audit Log to view the history of activities in managing the credentials, and for audit purposes.

Step 2: Acquire a token

Use the client ID and client secret you have generated in the Tango portal and send a request to {URI}/oauth/token.

πŸ“˜

Note:

The following URLs links take you to the /token endpoint:

We recommend you to try the Tango API test console first. Follow the instructions below:

To acquire a token:

  1. Go to the Tango API test console.
  2. Use the Client ID and Client Secret you generated in the Tango portal.
  3. Send a POST request to the {URI}/oauth/token endpoint replacing YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your client credentials.

See the example request below:

curl --request POST \
  --url 'https://sandbox-auth.tangocard.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data "grant_type"="client_credentials" \
  --data "client_id"="YOUR_CLIENT_ID" \
  --data "client_secret"="YOUR_CLIENT_SECRET" \
  --data "audience"="https://api.tangocard.com/"
  --data "scope"="raas.all"
  1. Get the OAuth token from the above API call. The response is in JSON format and is presented under the field named access token.

See an example response below:

{
"access_token": "eyJhdgskjgfdspoeufeopfu",
"expires_in": 2592000,
"token_type": "Bearer"
}
  1. Save the token in your database.

πŸ“˜

Note:

Tango API token can be refreshed at most once a day. As a best practice, we recommend you to save the token and utilize it until it expires in 24 hours.

See the example request below:

    
     curl --request POST \
     --url https://sandbox-auth.tangocard.com/oauth/token \
     --header 'accept: application/json' \
     --header 'content-type: application/x-www-form-urlencoded' \
     --data "client_id"="string" \
     --data "scope"="raas.all" \
     --data "audience"="https://api.tangocard.com/" \
     --data "grant_type"="client_credentials" \
     --data "client_secret"="string"

Here are a couple of examples of response payload you may receive: 

{
  "access_token": "string",
  "scope": "string",
  "expires_in": 0, (in seconds)
  "token_type": "Bearer"
}

or

{
  "access_token": "string",
  "scope": "raas.all",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Step 3: Call Tango API

Use the token retrieved above to make Tango API calls such as getting a list of customers, get details of accounts, etc. See an example request below:

curl \
    --header "Accept: application/json" \
    --header "Authorization: Bearer YOUR_TOKEN_HERE" \
    https://integration-api.tangocard.com/raas/v2/customers

In the Test Console

  1. In the Tango API test console, navigate to a Tango API function you want to test, such as Customers.
  2. Change Basic to Bearer under AUTHENTICATION.
  3. Enter your token.
  4. Click Try it and check the response.

Updated about 1 month ago

What’s Next