Authenticate

Generate Access Token

An API access token is a unique identifier used to authenticate and authorize API access. It provides a secure mechanism to restrict API interaction to authorized users or applications, enabling specific actions or data retrieval.

To acquire an access token, send a POST request to the following endpoint:

https://cubi-sandbox-api.customersbank.com/security/v1/oauth2/token

This request must include both the client ID and the client secret for authentication. Once obtained, the access token grants authorized access to the APIs and can be reused on subsequent requests until it expires. It is recommended to cache tokens for the number of seconds given by the expires_in property in the response.
Tokens have a limited lifespan and will typically expire in 3600 seconds (1 hour). To renew an expired token, simply follow the steps outlined above to obtain a new access token.

Example Request:

POST /security/v1/oauth2/token HTTP/1.1
Host: cubi-sandbox-api.customersbank.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 131

grant_type=client_credentials
&client_Id=ebb8a62b-e559-43d4-ae44-c7cdc5567320
&client_Secret=abc7Q~defghijklmnopqrs0t123456789-_.~

A successful request will generate a response of 200 – Success

Example Response:

{
    "access_token": "access_token",
    "token_type": "Bearer",
    "expires_in": 3598
}

Error Handling
Common errors will include:
400 – Bad Request

For guidance on troubleshooting error codes, please consult the Error Code Handling section of this guide.

Troubleshooting Authentication Failures

  1. Verify you are using the correct client_Secret value. The client_Secret value is only visible once at creation time. It should be a combination of up to 40 characters consisting of:

    • a-z (not case-sensitive)
    • 0-9
    • dashes (-)
    • underscores (_)
    • dots (.)
    • tildes (~)
      for example: abc7Q~defghijklmnopqrs0t123456789-_.~

    If you do not have the correct client_Secret value, you can delete the previous entry and create a new one to get an updated client_Secret value.

  2. Verify the client_Id value is a UUID in the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  3. Verify grant_type = client_credentials

  4. Verify you are setting Content-Type : application/x-www-form-urlencoded

Using the Access Token

The returned access token must be passed when calling the other API methods. Pass it in the Authorization request header as a Bearer token.

Example Request:

PUT /accounts/v1/[ACCOUNT ID] HTTP/1.1
Host: cubi-sandbox-api.customersbank.com
Content-Type: application/json
Authorization: Bearer [access_token]

{
    "name": "Test Account",
    "searchable": true
}
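
Example Client (added example, not part of the original guide or the provider's own code): the sketch below ties together the token request, the expires_in caching recommendation, the troubleshooting format checks and the Bearer header. The names TokenCache, http_post_form and skew are hypothetical, and renewing 60 seconds before expiry is an assumption, not a documented requirement.

```python
import json
import re
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://cubi-sandbox-api.customersbank.com/security/v1/oauth2/token"
# Formats taken from the troubleshooting list: UUID client_Id, secret of up to 40 chars.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SECRET_RE = re.compile(r"[A-Za-z0-9._~-]{1,40}")

def http_post_form(url, fields):
    """Default transport: POST form-encoded fields, return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:  # raises on 400
        return json.load(resp)

class TokenCache:
    """Fetches a token once and reuses it until shortly before expires_in."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=60):
        # Pre-flight checks; error messages never echo the secret itself.
        if not UUID_RE.fullmatch(client_id):
            raise ValueError("client_Id is not a UUID")
        if not SECRET_RE.fullmatch(client_secret):
            raise ValueError("client_Secret has an unexpected length or character")
        self._fields = {"grant_type": "client_credentials",
                        "client_Id": client_id, "client_Secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            resp = self._post(TOKEN_URL, self._fields)
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = resp["access_token"]
            # Renew `skew` seconds early so no request carries an expired token.
            self._expires_at = now + max(int(resp["expires_in"]) - self._skew, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}
```

Load the client_Secret from a secret store or environment variable rather than from source code, and keep both it and the access token out of application logs.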