Authentication endpoints provide operations required to:

  • Create new users in Dapi's system
  • Connect their bank accounts to your application
  • Retrieve permanent access token of the user to perform payment operation and obtain user financial data from Payment and Data endpoints
  • Invalidate user token

Access Tokens

Access tokens allow your app to access the Dapi API. They are permanent for the user. Therefore once it is obtained it does not need to be refreshed, unless the token has been delinked.

They typically perform two functions:

  • Perform user specific operations with the API
  • Interact with the Dapi system

Absolute majority of the Dapi API endpoints require an access token, so each time you access an endpoint, your request may require one. Check each endpoint references for token requirements.

How To Obtain A Token

Below you can find process diagram of how to obtain user access token.

Process Of Obtaining User Access TokenProcess Of Obtaining User Access Token

Process Of Obtaining User Access Token

Dapi Login Using Connect

Dapi provides Connect layer that you can use to authenticate user in the Dapi system and obtain user access code.

To read more about how to initialize Connect layer and authenticate user in the system refer to our Connect Layer documentation

After successful user authentication in the Connect layer, you will get following response:

    "success": true,
    "accessCode": "access_code_value",
    "userSecret": "user_secret_value",
    "connectionID": "connection_id_value",
    "userID": "user_id_value",
    "tokenID": "token_id_value"

You will need accessCode and connectionID from the response to obtain a user token.


Please Note

Access Code is only valid for 30 minutes. It must be exchanged for Access Token within this 30 minutes, otherwise the code will become ineffective.

Exchange Access Code For Access Token

Token must be obtained using ExchangeToken method. To generate a successful request you will need:

  • accessCode
  • connectionID
  • appSecret

To read more on how to obtain accessCode and connectionID please refer to Connect Layer Documentation ]

To read more on how to register app and obtain app keys please refer to Getting your API keys]

Request body for exchanging accessCode for accessToken looks following:

    "appSecret": "app_secret_value",
    "accessCode": "access_code_value",
    "connectionID": "connection_id_value"

Successful exchangeToken response looks following:

  "success": true,
  "accessToken": "access_token_value"

Sample code to generate exchangeToken request:

curl --request POST \
  --url \
  --header 'Content-Type: application/json' \
  --data '{
    "appSecret": "app_secret_value",
    "accessCode": "access_code_value",
  "connectionID": "connectionID_value"

Use Access Token

Access Tokens must be specified in Authorization header as Bearer type for the endpoints that require it.

What’s Next

Now that you are more familiar with Authentication process and how to obtain Access Token, you can read more about ExchangeToken method or Connect layer