Skip to main content

Create OAuth Token (V1)

Loading...
API endpoint path: /v1/oauth/token

Issues an OAuth access token for accessing legacy Candescent APIs. The token is scoped to a specified financial institution and is used as a bearer token in subsequent Candescent APIs requests.

Requests must use application/x-www-form-urlencoded encoding and specify a supported grant_type.

Use this endpoint to:

  • Obtain a bearer token for legacy V1 APIs (Send Event, Destinations, Get FI Customer, Register User).
  • Authenticate a retail digital banking customer using the password grant with username and password, and receive customer context (di_ficustomer, di_member_number) in the response. The password grant is supported for retail users only.
  • Obtain institution-scoped access using the client_credentials grant type when customer credentials are not available or the request is not customer-specific.
  • Use the returned access_token to authorize subsequent Candescent API requests.

Behavior and capabilities:

  • Supported grant types are password and client_credentials.
    • The password grant issues a customer-scoped token for retail users only and includes customer context in the response. Business users must use client_credentials or OAuth V2 token endpoint.
    • The client_credentials grant issues an institution-scoped token without customer context.
  • Requests require HTTP Basic Authentication with the application's client_id and client_secret.
  • The specified financial institution (di_fiid) must be authorized for the application; unauthorized institutions return HTTP 401.
  • Access tokens expire after 30 minutes by default; the expiration duration can be configured per application. A new token request is required after expiration.
  • Successful requests return an XML payload containing the access_token and expiration information.

Note: This endpoint may be deprecated in a future release. For most current APIs (Accounts, Alerts, Banking Images, Disclosures, Money Movement, Transactions), use the OAuth V2 token endpoint.

Request

Responses

Success