Secure your connection with OAuth 2.0
You must first retrieve your client credentials for OAuth by going to the Tango portal. See how to Sign in to the Tango portal . If you don't have an account with Tango, see how to set up an account . With client credentials ready, acquire a token and call the Tango API. See how you can acquire a Tango access token
Note:
- You are expected to manage your own client credentials using the Tango portal. Client credentials do not expire.
- The OAuth tokens are generated from client credentials and expire in 24 hours (86400 seconds).
- Acquire a new token by reissuing the
POST {URI}/oauth/token
request using your client credentials.- Request for new tokens are rate limited to one per 20 hours.
- Failure to comply with rate limit will result in a 400 error message: "Client {internal client_name} {client id} has exceeded the daily rate limit".
Caution about rate limit
Use a distributed cache to store the token so that upon a restart the token can be retrieved without having to create a new token and hitting the rate limit. Only renew the token if it's been expired or within the four (4)-hour refresh window.
Step 1: Retrieve you client credentials from Tango
- Log in to the Tango portal.
- Go to Team settings on the left menu.
-
Click Manage under OAuth client credentials.
-
Click Generate Client Credentials to generate the Client ID and Client Secret.
Note:
You can generate up to two credentials at a given time and deactivate a credential if it's no longer required. It provides an option for you to rotate credentials when needed. For security reasons, you're encouraged to rotate your credentials periodically.
- Check out Audit Log to view the history of activities in managing the credentials, and for audit purposes.
Step 2: Acquire a token
Use the client ID and client secret you have generated in the Tango portal and send a request to {URI}/oauth/token
.
Note:
The following URLs links take you to the
/token
endpoint:
- Sandbox: https://sandbox-auth.tangocard.com/oauth/token
- Production: https://auth.tangocard.com/oauth/token
We recommend you to try the Tango API test console first. Follow the instructions below:
To acquire a token:
- Go to the Tango API test console.
- Use the Client ID and Client Secret you generated in the Tango portal.
- Send a POST request to the
{URI}/oauth/token
endpoint replacingYOUR_CLIENT_ID
andYOUR_CLIENT_SECRET
with your client credentials.
See the example request below:
curl --request POST \
--url 'https://sandbox-auth.tangocard.com/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data "grant_type"="client_credentials" \
--data "client_id"="YOUR_CLIENT_ID" \
--data "client_secret"="YOUR_CLIENT_SECRET" \
--data "audience"="https://api.tangocard.com/"
--data "scope"="raas.all"
- Get the OAuth token from the above API call. The response is in JSON format and is presented under the field named access token.
See an example response below:
{
"access_token": "eyJhdgskjgfdspoeufeopfu",
"expires_in": 2592000,
"token_type": "Bearer"
}
- Save the token in your database.
Note:
Tango API token can be refreshed at most once a day. As a best practice, we recommend you to save the token and utilize it until it expires in 24 hours.
See the example request below:
curl --request POST \
--url https://sandbox-auth.tangocard.com/oauth/token \
--header 'accept: application/json' \
--header 'content-type: application/x-www-form-urlencoded' \
--data "client_id"="string" \
--data "scope"="raas.all" \
--data "audience"="https://api.tangocard.com/" \
--data "grant_type"="client_credentials" \
--data "client_secret"="string"
Here are a couple of examples of response payload you may receive:
{
"access_token": "string",
"scope": "string",
"expires_in": 0, (in seconds)
"token_type": "Bearer"
}
or
{
"access_token": "string",
"scope": "raas.all",
"expires_in": 86400,
"token_type": "Bearer"
}
Step 3: Call Tango API
Use the token retrieved above to make Tango API calls such as getting a list of customers, get details of accounts, etc. See an example request below:
curl \
--header "Accept: application/json" \
--header "Authorization: Bearer YOUR_TOKEN_HERE" \
https://integration-api.tangocard.com/raas/v2/customers
In the Test Console
- In the Tango API test console, navigate to a Tango API function you want to test, such as Customers.
- Change Basic to Bearer under AUTHENTICATION.
- Enter your token.
- Click Try it and check the response.
Updated about 1 month ago