Create Access Token
Create Access Token
This is an optional, alternative method of authenticating requests to the MoneyKit API. Normally, you can
authenticate requests by including X-Client-Id
and X-Client-Secret
HTTP headers. However, if you prefer,
you can instead create a short-lived access token, using this endpoint.
That access_token
can then be passed instead of the client/secret headers, as an
Authorization: Bearer {access_token}
HTTP header.
Note that when the token expires you must create a new one to replace it. The expiration is given as the
expires_in
response value.
The client_id
and client_secret
can be supplied to this endpoint as POST body parameters, or as a "Basic" auth
header (base64-encoded {client_id:secret}
).
URL
Request
Response
client_id
: string
Your application's MoneyKit client ID.
example: live_5c739a369515e10fc9e0
client_secret
: string
Your application's MoneyKit client secret.
grant_type
: string
Token grant type. Only client_credentials
or refresh_token
supported.
example: client_credentials
scope
: string
Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.
default: ""
client_id
: string
Your application's MoneyKit client ID.
example: live_5c739a369515e10fc9e0
client_secret
: string
Your application's MoneyKit client secret.
grant_type
: string
Token grant type. Only client_credentials
or refresh_token
supported.
example: client_credentials
scope
: string
Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.
Responses
201
Generated access token.
access_token
: string
Short-lived access token.
example: 52ea3d1b...4f9a53fffb67
token_type
: string
Always "bearer".
example: bearer
expires_in
: integer
How long until access_token
expires in seconds.
example: 3600
400
Invalid grant_type
error_code
: string
default: "api_error.auth.unauthorized"
Allowed values:
api_error.auth.unauthorized
error_message
: string
Error message
example: Accounts access not permitted
documentation_url
: string
401
Unauthorized
error_code
: string
default: "api_error.auth.unauthorized"
Allowed values:
api_error.auth.unauthorized
error_message
: string
Error message
example: Accounts access not permitted
documentation_url
: string