Create Access Token

Create Access Token

Create a new short-lived access token by validating your client_id and client_secret.

The access_token is to be forwarded with all subsequent requests as Authorization: Bearer {access_token} HTTP header.

When the token expires you must regenerate your access_token.

The client_id and client_secret can be supplied as POST body parameters, or as a HTTP basic auth header.

URL

POST
/auth/token
Request
curl --request POST \
  --url https://api.moneykit.com/auth/token \
  --header 'Authorization: Basic REPLACE_BASIC_AUTH' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=string \
  --data scope= \
  --data client_id=live_5c739a369515e10fc9e0 \
  --data client_secret=string
const options = {
  method: 'POST',
  headers: {
    Authorization: 'Basic REPLACE_BASIC_AUTH',
    'content-type': 'application/x-www-form-urlencoded'
  },
  body: new URLSearchParams({
    grant_type: 'string',
    scope: '',
    client_id: 'live_5c739a369515e10fc9e0',
    client_secret: 'string'
  })
};

fetch('https://api.moneykit.com/auth/token', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
import requests

url = "https://api.moneykit.com/auth/token"

payload = "grant_type=string&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"
headers = {
    "Authorization": "Basic REPLACE_BASIC_AUTH",
    "content-type": "application/x-www-form-urlencoded"
}

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://api.moneykit.com/auth/token"

	payload := strings.NewReader("grant_type=string&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Basic REPLACE_BASIC_AUTH")
	req.Header.Add("content-type", "application/x-www-form-urlencoded")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.moneykit.com/auth/token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Basic REPLACE_BASIC_AUTH'
request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "grant_type=string&scope=&client_id=live_5c739a369515e10fc9e0&client_secret=string"

response = http.request(request)
puts response.read_body
import Foundation

let headers = [
  "Authorization": "Basic REPLACE_BASIC_AUTH",
  "content-type": "application/x-www-form-urlencoded"
]

let postData = NSMutableData(data: "grant_type=string".data(using: String.Encoding.utf8)!)
postData.append("&scope=".data(using: String.Encoding.utf8)!)
postData.append("&client_id=live_5c739a369515e10fc9e0".data(using: String.Encoding.utf8)!)
postData.append("&client_secret=string".data(using: String.Encoding.utf8)!)

let request = NSMutableURLRequest(url: NSURL(string: "https://api.moneykit.com/auth/token")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
Response
{
  "access_token": "52ea3d1b...4f9a53fffb67",
  "token_type": "bearer",
  "expires_in": 3600
}
{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}
{
  "error_code": "api_error.auth.unauthorized",
  "error_message": "Accounts access not permitted",
  "documentation_url": string
}

client_id

: string

Your application's MoneyKit client ID.

example: live_5c739a369515e10fc9e0

client_secret

: string

Your application's MoneyKit client secret.

grant_type

: string

Token grant type. Only client_credentials supported.

scope

: string

Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.

default: ""

client_id

: string

Your application's MoneyKit client ID.

example: live_5c739a369515e10fc9e0

client_secret

: string

Your application's MoneyKit client secret.

grant_type

: string

Token grant type. Only client_credentials supported.

scope

: string

Actions to be allowed for this token, given as one or more strings separated by spaces. If omitted, all actions allowed for your application will be granted to this token.

Responses

201

Generated access token.

access_token

: string

Short-lived access token.

example: 52ea3d1b...4f9a53fffb67

token_type

: string

Always "bearer".

example: bearer

expires_in

: integer

How long until access_token expires in seconds.

example: 3600

400

Invalid grant_type

error_code

: string

default: "api_error.auth.unauthorized"

Allowed values:

api_error.auth.unauthorized

error_message

: string

Error message

example: Accounts access not permitted

documentation_url

: string

401

Unauthorized

error_code

: string

default: "api_error.auth.unauthorized"

Allowed values:

api_error.auth.unauthorized

error_message

: string

Error message

example: Accounts access not permitted

documentation_url

: string