Authenticating With Our API
Learn how to get and use access tokens with our API
We use OAuth2 to authenticate and authorize our users. In order to be able to use the API, you'll need get an access token first.
Getting An Access Token
When your business is first onboarded, you will receive two keys: a client ID and a client secret. These keys can be used in conjunction with our /oath/token
endpoint to retrieve an access token.
import os
import requests
PENNY_API_URL = "https://api.dba.thepennyinc.com/v1"
CLIENT_ID = os.getenv("CLIENT_ID")
CLIENT_SECRET = os.getenv("CLIENT_SECRET")
payload = {
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"grant_type": "client_credentials"
}
response = requests.post(PENNY_API_URL + "/oauth/token", json=payload)
token = response.json().get("data").get("access_token")
Authentication Limits
There is a limit to the number of access tokens that can be generated at any one time. Access tokens are valid for 24 hours. A new token should only be requested after an existing token has expired.
For more details about the limits our system imposes, see Limits
Keep your client ID and client secret safe! If someone gets access to them, they can access your PennyInc resources. Do not share your keys in publicly accessible areas such as GitHub, client-side code, and so forth.
If you believe your keys have been compromised, contact us immediately so we can issue you new credentials.
Using Your Access Token
Once you've got an access token, using it is simple. All you need to do is add an Authorization header to your API request containing your token and you're good to go!
import os
import requests
PENNY_API_URL = "https://api.dba.thepennyinc.com/v1"
AUTH_TOKEN = os.getenv("PENNY_AUTH_TOKEN")
payload = {...}
headers = {"Authorization": f"Bearer {AUTH_TOKEN}"}
response = requests.post("/cards", headers=headers, json=payload)
Updated over 1 year ago