Create Access Token

This is an optional, alternative method of authenticating requests to the MoneyKit API. Normally, you can authenticate requests by including X-Client-Id and X-Client-Secret HTTP headers. However, if you prefer, you can instead create a short-lived access token, using this endpoint.

That access_token can then be passed instead of the client/secret headers, as an Authorization: Bearer {access_token} HTTP header.

Note that when the token expires you must create a new one to replace it. The expiration is given as the expires_in response value.

The client_id and client_secret can be supplied to this endpoint as POST body parameters, or as a "Basic" auth header (base64-encoded {client_id:secret}).

URL

POST

/auth/token

Request

curl --request POST \
  --url https://api.moneykit.com/auth/token \
  --header 'Authorization: Basic REPLACE_BASIC_AUTH' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data scope= \
  --data client_id=live_5c739a369515e10fc9e0 \
  --data client_secret=string

const options = {
  method: 'POST',
  headers: {
    Authorization: 'Basic REPLACE_BASIC_AUTH',
    'content-type': 'application/x-www-form-urlencoded'
  },
  body: new URLSearchParams({
    grant_type: 'client_credentials',
    scope: '',
    client_id: 'live_5c739a369515e10fc9e0',
    client_secret: 'string'
  })
};

fetch('https://api.moneykit.com/auth/token', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import requests

url = "https://api.moneykit.com/auth/token"

payload = "grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"
headers = {
    "Authorization": "Basic REPLACE_BASIC_AUTH",
    "content-type": "application/x-www-form-urlencoded"
}

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://api.moneykit.com/auth/token"

	payload := strings.NewReader("grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Basic REPLACE_BASIC_AUTH")
	req.Header.Add("content-type", "application/x-www-form-urlencoded")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.moneykit.com/auth/token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic REPLACE_BASIC_AUTH'
request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"

response = http.request(request)
puts response.read_body

import Foundation

let headers = [
  "Authorization": "Basic REPLACE_BASIC_AUTH",
  "content-type": "application/x-www-form-urlencoded"
]

let postData = NSMutableData(data: "grant_type=client_credentials".data(using: String.Encoding.utf8)!)
postData.append("&scope=".data(using: String.Encoding.utf8)!)
postData.append("&client_id=live_5c739a369515e10fc9e0".data(using: String.Encoding.utf8)!)
postData.append("&client_secret=string".data(using: String.Encoding.utf8)!)

let request = NSMutableURLRequest(url: NSURL(string: "https://api.moneykit.com/auth/token")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Response

{
  "access_token": "52ea3d1b...4f9a53fffb67",
  "token_type": "bearer",
  "expires_in": 3600
}

{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}

{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}

client_id

: string

Your application's MoneyKit client ID.

example: live_5c739a369515e10fc9e0

client_secret

: string

Your application's MoneyKit client secret.

grant_type

: string

Token grant type. Only client_credentials or refresh_token supported.

example: client_credentials

scope

: string

Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.

default: ""

client_id

: string

Your application's MoneyKit client ID.

example: live_5c739a369515e10fc9e0

client_secret

: string

Your application's MoneyKit client secret.

grant_type

: string

Token grant type. Only client_credentials or refresh_token supported.

example: client_credentials

scope

: string

Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.

Responses

201

Generated access token.

access_token

: string

Short-lived access token.

example: 52ea3d1b...4f9a53fffb67

token_type

: string

Always "bearer".

example: bearer

expires_in

: integer

How long until access_token expires in seconds.

example: 3600

400

Invalid grant_type

error_code

: string

default: "api_error.auth.unauthorized"

Allowed values:

api_error.auth.unauthorized

error_message

: string

Error message

example: Accounts access not permitted

documentation_url

: string

401

Unauthorized

error_code

: string

default: "api_error.auth.unauthorized"

Allowed values:

api_error.auth.unauthorized

error_message

: string

Error message

example: Accounts access not permitted

documentation_url

: string

Request

curl --request POST \
  --url https://api.moneykit.com/auth/token \
  --header 'Authorization: Basic REPLACE_BASIC_AUTH' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data scope= \
  --data client_id=live_5c739a369515e10fc9e0 \
  --data client_secret=string

const options = {
  method: 'POST',
  headers: {
    Authorization: 'Basic REPLACE_BASIC_AUTH',
    'content-type': 'application/x-www-form-urlencoded'
  },
  body: new URLSearchParams({
    grant_type: 'client_credentials',
    scope: '',
    client_id: 'live_5c739a369515e10fc9e0',
    client_secret: 'string'
  })
};

fetch('https://api.moneykit.com/auth/token', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import requests

url = "https://api.moneykit.com/auth/token"

payload = "grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"
headers = {
    "Authorization": "Basic REPLACE_BASIC_AUTH",
    "content-type": "application/x-www-form-urlencoded"
}

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://api.moneykit.com/auth/token"

	payload := strings.NewReader("grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Basic REPLACE_BASIC_AUTH")
	req.Header.Add("content-type", "application/x-www-form-urlencoded")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.moneykit.com/auth/token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic REPLACE_BASIC_AUTH'
request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "grant_type=client_credentials&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"

response = http.request(request)
puts response.read_body

import Foundation

let headers = [
  "Authorization": "Basic REPLACE_BASIC_AUTH",
  "content-type": "application/x-www-form-urlencoded"
]

let postData = NSMutableData(data: "grant_type=client_credentials".data(using: String.Encoding.utf8)!)
postData.append("&scope=".data(using: String.Encoding.utf8)!)
postData.append("&client_id=live_5c739a369515e10fc9e0".data(using: String.Encoding.utf8)!)
postData.append("&client_secret=string".data(using: String.Encoding.utf8)!)

let request = NSMutableURLRequest(url: NSURL(string: "https://api.moneykit.com/auth/token")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Response

{
  "access_token": "52ea3d1b...4f9a53fffb67",
  "token_type": "bearer",
  "expires_in": 3600
}

{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}

{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}

Create Access Token

URL

Request

Response

Body Parameters

Form Data

Authorization

Responses

201

400

401

Request

Response