Secure your connection with Tango API
To take full advantage of our Tango API resources, you must establish a secure connection to the Tango API through one of the following methods:
- Basic Authentication (Auth)—Basic Auth is a simple authentication method used to connect to the Tango API. It is less secure than OAuth because it relies on static credentials (platform name and API key) to gain access to your platform.
- Open Authorization (OAuth) 2.0—(Recommended) OAuth establishes a more secure connection to the Tango API. It uses authorization tokens to verify your system’s identity. OAuth relies on four pieces of information to create a token: client ID, client secret, service account username, and service account password. With OAuth, you can create an unlimited number of service accounts and rotate your client credentials with no downtime. See how to Acquire a service account token.
Note:
Both API keys (Basic Auth) and OAuth client credentials (OAuth) must be enabled for your Production Tango platform. Contact your Tango representative to enable your production platform. See the steps in Get started with Tango API.
Why do we recommend OAuth?
- Service continuity—the token lives for 24 hours, and the API connection is not interrupted when rotating credentials.
- Additional layer of security—you can see the service account password only at the time of creation.
- Ability to create an unlimited number of service accounts—this is especially helpful for users with multiple connections, locations, or departments.
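The contrast between the two methods, as an added example that is not Tango's own code: the Basic Auth header carries the static pair on every request, while the OAuth path caches a bearer token for its 24-hour life so rotated client credentials take effect at the next token request. The token URL is a placeholder, and the RFC 6749 password grant, the five-minute refresh margin, the helper names and the offline `fake_fetch` are assumptions.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not Tango's endpoint
TOKEN_LIFETIME_S = 24 * 60 * 60  # the page states the token lives for 24 hours
REFRESH_MARGIN_S = 5 * 60        # assumption: renew five minutes before expiry

def basic_auth_header(platform_name, api_key):
    """Basic Auth: the static pair is only base64-encoded and rides on every request."""
    pair = f"{platform_name}:{api_key}".encode()
    return {"Authorization": "Basic " + base64.b64encode(pair).decode()}

def token_request_body(client_id, client_secret, username, password):
    """Form body carrying the four OAuth inputs (RFC 6749 password grant, assumed)."""
    return urlencode({"grant_type": "password", "client_id": client_id,
                      "client_secret": client_secret, "username": username, "password": password})

class ServiceAccountToken:
    """Caches one service account's bearer token and renews it shortly before expiry."""
    def __init__(self, fetch, clock=time.time):
        self._fetch, self._clock = fetch, clock  # fetch(url, body) -> parsed JSON dict
        self._body, self._token, self._expires_at = None, None, 0.0

    def set_credentials(self, client_id, client_secret, username, password):
        # Rotation: new values apply to the next token request; the cached token is kept.
        self._body = token_request_body(client_id, client_secret, username, password)

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN_S:
            reply = self._fetch(TOKEN_URL, self._body)
            self._token = reply["access_token"]
            self._expires_at = now + reply.get("expires_in", TOKEN_LIFETIME_S)
        return {"Authorization": "Bearer " + self._token}

def demo():  # constructed offline token endpoint and fake clock
    calls, now = [], [0.0]
    def fake_fetch(url, body):  # constructed stand-in for the HTTPS POST
        calls.append(body)
        return {"access_token": f"constructed-token-{len(calls)}", "expires_in": TOKEN_LIFETIME_S}
    acct = ServiceAccountToken(fake_fetch, clock=lambda: now[0])
    acct.set_credentials("client-a", "secret-a", "store-17", "constructed-pw")
    first = acct.bearer_header()
    now[0] = 12 * 60 * 60  # half a day later, after the client credentials were rotated
    acct.set_credentials("client-b", "secret-b", "store-17", "constructed-pw")
    second = acct.bearer_header()
    now[0] = TOKEN_LIFETIME_S  # token expired: next request uses the rotated pair
    third = acct.bearer_header()
    return first, second, third, calls
```

Keeping one `ServiceAccountToken` per store or application mirrors the per-service-account isolation described on this page.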
Examples of when to use more than one service account
- Distributed Point of Sales
Acme Sporting Goods Company franchises hundreds of retail stores across North America. Each independent franchise is individually connected to the Tango platform. To ensure secure connections, Acme uses OAuth 2.0 to connect to the Tango API. With OAuth, they can use one client credential and create multiple service accounts—one for each retail store. If a store is compromised, Acme can deactivate the specific service account associated with that store, ensuring that all other stores remain unaffected. OAuth 2.0 allows Acme to maintain service continuity without compromising system security.
- Multiple Software Application Connections
Acme Health Care has integrated the Tango API into multiple software applications. Their proprietary application, which sends rewards to healthcare customers, uses one service account. Additionally, their accounting software, connected to the Tango API for managing account funding, uses a second service account. By leveraging OAuth 2.0 to create multiple service accounts, Acme has enhanced security and traceability. If one application is compromised, they can deactivate the specific service account without impacting the other application.
Required permissions
- Both API keys (Basic Auth) and OAuth client credentials (OAuth) must be enabled for your Production Tango platform. Contact your Tango representative. See the steps in How to get your API keys enabled.
- Both Basic Auth and OAuth require the manage permission for Tango API keys to be enabled for your user under the Integrations permissions. If you’re not an admin, contact your Tango portal admin to give you permission. Learn how to Set user permissions and access level.