Bearer token, generated using the OAuth 2.0 protocol.
Key concepts
- Secure data transmission: API requests must be made via HTTPS. Calls over plain HTTP will not succeed.
- Bearer token authentication: All API requests must include a Bearer token in the Authorization header. This is compliant with OAuth 2.0.
Your client secret must be stored securely. It is not recoverable after creation — if lost, you
must generate a new one.
Available methods
Client credentials
Server-to-server authentication using the OAuth 2.0 client_credentials grant. Your backend exchanges a client ID and secret for a short-lived access token. Use this for all backend API calls.
User token
Act on behalf of a specific user via OAuth 2.0 Token Exchange (RFC 8693). Use this for
user-scoped API calls and generating widget tokens for embedded UI components.
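A backend-side sketch of the client credentials method described above, added here as an example and not taken from this API's own documentation or SDK. The environment variable names and the use of HTTP Basic for client authentication are assumptions; the token endpoint URL is supplied by the caller because this page does not state one.

```python
import base64, json, os, time
import urllib.parse, urllib.request

def require_https(url):
    # Plain-HTTP calls do not succeed; fail before a credential leaves the process.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    return url

def build_token_request(token_url, client_id, client_secret):
    # Assumption: the client authenticates with HTTP Basic (RFC 6749 section 2.3.1).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        require_https(token_url), data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

def fetch_token(token_url):
    # The secret is read from the environment (hypothetical names), never from source.
    req = build_token_request(token_url, os.environ["EXAMPLE_CLIENT_ID"],
                              os.environ["EXAMPLE_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuses the short-lived token and refreshes `skew` seconds before expiry."""
    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires_at = self._clock() + float(resp.get("expires_in", 0))
        return self._token

def authorized_request(api_url, token):
    # Every API call carries the token in the Authorization header.
    return urllib.request.Request(require_https(api_url),
                                  headers={"Authorization": f"Bearer {token}"})
```

In a service, construct one `TokenCache` with a callable that invokes `fetch_token` for your token endpoint, and pass `cache.get()` to `authorized_request` for each call.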