Authenticating With Our API

Learn how to get and use access tokens with our API

We use OAuth2 to authenticate and authorize our users. To use the API, you'll first need to get an access token.

Getting An Access Token

When your business is first onboarded, you will receive two keys: a client ID and a client secret. These keys can be used in conjunction with our /oauth/token endpoint to retrieve an access token.

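import os
import requests


# The base URL is not shown on this page; it is read from the environment here.
BASE_URL = os.getenv("API_BASE_URL")
CLIENT_ID = os.getenv("CLIENT_ID")
CLIENT_SECRET = os.getenv("CLIENT_SECRET")

# Client credentials grant: the client ID and secret are exchanged for a token.
payload = {
  "client_id": CLIENT_ID,
  "client_secret": CLIENT_SECRET,
  "grant_type": "client_credentials"
}

response = requests.post(BASE_URL + "/oauth/token", json=payload, timeout=10)
response.raise_for_status()  # stop here on a rejected or failed request
token = response.json().get("data").get("access_token")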


Authentication Limits

There is a limit to the number of access tokens that can be generated at any one time. Access tokens are valid for 24 hours. A new token should only be requested after an existing token has expired.

For more details about the limits our system imposes, see Limits.


Keep your client ID and client secret safe! If someone gets access to them, they can access your PennyInc resources. Do not share your keys in publicly accessible areas such as GitHub, client-side code, and so forth.

If you believe your keys have been compromised, contact us immediately so we can issue you new credentials.

Using Your Access Token

Once you've got an access token, using it is simple. All you need to do is add an Authorization header to your API request containing your token and you're good to go!

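import os
import requests


# The base URL is not shown on this page; it is read from the environment here.
BASE_URL = os.getenv("API_BASE_URL")
AUTH_TOKEN = os.getenv("AUTH_TOKEN")

payload = {...}  # replace with the request body for the endpoint you are calling
headers = {"Authorization": f"Bearer {AUTH_TOKEN}"}

# POST is assumed here because the request carries a JSON body.
response = requests.post(BASE_URL + "/cards", headers=headers, json=payload, timeout=10)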
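
Because tokens are valid for 24 hours and a new one should only be requested after the old one expires (see Authentication Limits), a client can cache one token and attach it to every request. This is an added example, not PennyInc's own code: TokenCache, fetch_token_from_api and the API_BASE_URL variable name are assumptions, and the response shape follows the token snippet earlier on this page.

```python
import os
import threading
import time

TOKEN_LIFETIME_SECONDS = 24 * 60 * 60  # from this page: tokens are valid for 24 hours


def fetch_token_from_api():
    """Request a token with the client credentials grant, as in the page's snippet."""
    import requests  # imported lazily so the cache itself has no network dependency

    base_url = os.environ["API_BASE_URL"]  # assumed name; the base URL is not on the page
    payload = {
        "client_id": os.environ["CLIENT_ID"],
        "client_secret": os.environ["CLIENT_SECRET"],  # read from the environment, never hard-coded
        "grant_type": "client_credentials",
    }
    response = requests.post(base_url + "/oauth/token", json=payload, timeout=10)
    response.raise_for_status()
    return response.json()["data"]["access_token"]


class TokenCache:
    """Hands out one token until it expires, so the token generation limit is not hit."""

    def __init__(self, fetch=fetch_token_from_api, clock=time.monotonic,
                 lifetime=TOKEN_LIFETIME_SECONDS):
        self._fetch, self._clock, self._lifetime = fetch, clock, lifetime
        self._token, self._expires_at = None, 0.0
        self._lock = threading.Lock()  # stops concurrent workers each requesting a token

    def get(self):
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._expires_at:
                token = self._fetch()
                if not token:
                    raise RuntimeError("token endpoint returned no access_token")
                self._token, self._expires_at = token, now + self._lifetime
            return self._token

    def auth_header(self):
        """Header for API requests, in the Bearer form this page describes."""
        return {"Authorization": f"Bearer {self.get()}"}
```

Create one TokenCache per process and pass cache.auth_header() as the headers argument of each request; the token stays in memory only and is never written to logs or disk by this code.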
