Bearer Token

Get the Bearer Token

The AUTHORIZATION_CODE can be exchanged for bearer tokens using the token endpoint at https://app.checkbook.io/web/v1/auth/oauth/token

Sandbox OAuth

If you want to test the OAuth flow in Sandbox, you will need to use this endpoint to get the bearer token:
https://sandbox.app.checkbook.io/web/v1/auth/oauth/token

โ—๏ธ

Update Reminder

The old token URL https://checkbook.io/oauth/token will be discontinued after August 1st, 2021. Please update your implementation to use the new URL https://app.checkbook.io/web/v1/auth/oauth/token

This URL accepts a POST request with the following parameters:

| Request parameter | Description |
|---|---|
| client_id | Your client ID found in Developer Keys |
| grant_type | authorization_code |
| scope | One of the following values: check (the token can be used multiple times to send or request checks); check_receive (the token can be used multiple times to request checks); single-use (the token can be used only once to send or request checks) |
| code | The AUTHORIZATION_CODE returned in the previous step from the redirect to the callback URI http://REDIRECT_URI?code=AUTHORIZATION_CODE |
| redirect_uri | Your callback url found in Developer Keys |
| client_secret | Your secret key found in Developer Keys |

A successful request will return a JSON object with an access_token along with some other information:

| Field | Description |
|---|---|
| access_token | BEARER_TOKEN: Bearer token that needs to be used to make API requests on behalf of the user |
| token_type | Bearer |
| expires_in | Timestamp for when the token will expire |
| refresh_token | REFRESH_TOKEN: Token that can be used to refresh the Bearer Token |
| scope | The same scope that was used in the request |

Here's an example of a request:

curl --request POST \
  --url https://demo.checkbook.io/web/v1/auth/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=313910200b834c009f62ae47feeee407&grant_type=authorization_code&scope=check&code=8hXMj1T9D36qL2uzb19s5OaNnkT6Vq&redirect_uri=https://example.com&checkbook_oauth_redirect&client_secret=dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8'

And the corresponding response:

{
  "access_token": "Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z", 
  "token_type": "Bearer", 
  "expires_in": 15552000, 
  "refresh_token": "v0sRbFofMnKB2GmMyGnoOsot1VbpDU", 
  "scope": "check"
}

Note

The previous request is for the demo environment and cannot be used for an actual OAuth implementation. You will need to use either the sandbox or the production authorization endpoint.

Refresh the Bearer Token

When the BEARER_TOKEN expires, you need to make another request to the endpoint at https://app.checkbook.io/web/v1/auth/oauth/token to get a new token.

Sandbox OAuth

If you want to test the OAuth flow in Sandbox, you will need to use this endpoint to get the bearer token:
https://sandbox.app.checkbook.io/web/v1/auth/oauth/token

This URL accepts a POST request with the following parameters:

| Request parameter | Description |
|---|---|
| client_id | Your client ID found in Developer Keys |
| grant_type | refresh_token |
| refresh_token | The REFRESH_TOKEN returned in the previous step |
| client_secret | Your secret key found in Developer Keys |

A successful request will return the JSON object with an access_token, same as the initial response for getting the Bearer token.

Here's an example of a request:

curl --request POST \
  --url https://demo.checkbook.io/web/v1/auth/oauth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=313910200b834c009f62ae47feeee407&grant_type=refresh_token&refresh_token=v0sRbFofMnKB2GmMyGnoOsot1VbpDU'

Note

The previous request is for the demo environment and cannot be used for an actual OAuth implementation. You will need to use either the sandbox or the production authorization endpoint.

Make API Calls

The BEARER_TOKEN (i.e. the access_token from the JSON response) is used for authentication when making API requests, in place of the normal authorization header:

Authorization: bearer BEARER_TOKEN

So for the previous example, the authorization header would need to look like this:

Authorization: bearer Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z
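The code exchange, refresh and API-call steps above, as an added Python example (not Checkbook's own code): it builds both grant bodies with the parameter names from the tables, masks secrets before anything is logged, and checks token_type and the granted scope before the token is used. The function names are this example's own; the endpoint and sample response are the ones shown on this page.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Endpoint and sample response are from this page; function names are this example's own.
TOKEN_URL = "https://sandbox.app.checkbook.io/web/v1/auth/oauth/token"
SCOPES = {"check", "check_receive", "single-use"}
SECRET_FIELDS = {"client_secret", "code", "refresh_token"}
SAMPLE_RESPONSE = ('{"access_token": "Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z", "token_type": "Bearer", '
                   '"expires_in": 15552000, "refresh_token": "v0sRbFofMnKB2GmMyGnoOsot1VbpDU", "scope": "check"}')

def code_exchange_fields(client_id, client_secret, code, redirect_uri, scope):
    """Form fields for the authorization_code grant; rejects scopes the page does not list."""
    if scope not in SCOPES:
        raise ValueError(f"unknown scope: {scope!r}")
    return {"client_id": client_id, "grant_type": "authorization_code",
            "scope": scope, "code": code, "redirect_uri": redirect_uri,
            "client_secret": client_secret}

def refresh_fields(client_id, client_secret, refresh_token):
    """Form fields for the refresh_token grant."""
    return {"client_id": client_id, "grant_type": "refresh_token",
            "refresh_token": refresh_token, "client_secret": client_secret}

def redact(fields):
    """Copy of the form fields that is safe to log: secret values are masked."""
    return {k: "[redacted]" if k in SECRET_FIELDS else v for k, v in fields.items()}

def parse_token_response(raw, requested_scope=None):
    """Validate the JSON token response before any field is trusted."""
    data = json.loads(raw)
    for key in ("access_token", "refresh_token"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing {key}")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("token_type is not Bearer")
    if requested_scope is not None and data.get("scope") != requested_scope:
        raise ValueError("granted scope differs from requested scope")
    return data

def post_form(fields, url=TOKEN_URL, timeout=10):
    """POST the form in the request body over HTTPS, so secrets stay out of URLs and argv."""
    req = Request(url, data=urlencode(fields).encode(), method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read(), fields.get("scope"))

def authorization_header(token_response):
    return {"Authorization": "bearer " + token_response["access_token"]}  # format from "Make API Calls"
```

Log `redact(fields)` rather than the raw form, and load client_secret from a secret store or environment variable rather than source code.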