Bearer Token
Connect with OAuth
Bearer Token
Get the Bearer Token
The AUTHORIZATION_CODE can be exchanged for bearer tokens using the token endpoint at https://app.checkbook.io/web/v1/auth/oauth/token
Sandbox OAuth
If you want to test the OAuth flow in Sandbox, you will need to use this endpoint to get the bearer token:
https://sandbox.app.checkbook.io/web/v1/auth/oauth/token
Update Reminder
The old token URL
https://checkbook.io/oauth/tokenwill be discontinued after August 1st, 2021. Please update your implementation to use the new URLhttps://app.checkbook.io/web/v1/auth/oauth/token
This url accepts a POST request with the parameters:
| Request parameter | Description |
|---|---|
| client_id | Your client ID found in Developer Keys |
| grant_type | authorization_code |
| scope | One of the following values: - check: the token can be used multiple times to send or request checks- check_receive: the token can be used multiple times to request checks- single-use: the token can be used only once to send or request checks |
| code | The AUTHORIZATION_CODE returned in the previous step from the redirect to the callback URI http://REDIRECT_URI?code=AUTHORIZATION_CODE |
| redirect_uri | Your callback url found in Developer Keys |
| client_secret | Your secret key found in Developer Keys |
A successful request will return a JSON object with an access_token along with some other information:
| Field | Description |
|---|---|
| access_token | BEARER_TOKEN: Bearer token that needs to be used to make API request on behalf of the user |
| token_type | Bearer |
| expires_in | Timestamp for when the token will expire |
| refresh_token | REFRESH_TOKEN: Token that can be used to refresh the Bearer Token |
| scope | The same scope that was used in the request |
Here's an example of a request:
curl --request POST \
--url https://demo.checkbook.io/web/v1/auth/oauth/token \
--header 'application/x-www-form-urlencoded' \
--data 'client_id=313910200b834c009f62ae47feeee407&grant_type=authorization_code&scope=check&code=8hXMj1T9D36qL2uzb19s5OaNnkT6Vq&redirect_uri=https://example.com&checkbook_oauth_redirect&client_secret=dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8'
And the corresponding response:
{
"access_token": "Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z",
"token_type": "Bearer",
"expires_in": 15552000,
"refresh_token": "v0sRbFofMnKB2GmMyGnoOsot1VbpDU",
"scope": "check"
}
Note
The previous request is for the demo environment and cannot be used for an actual OAuth implementation. You will need to use either the sandbox or the production authorization endpoint.
Refresh the Bearer Token
When the BEARER_TOKEN expires, you need to make another request to the endpoint at https://app.checkbook.io/web/v1/auth/oauth/token to get a new token.
Sandbox OAuth
If you want to test the OAuth flow in Sandbox, you will need to use this endpoint to get the bearer token:
https://sandbox.app.checkbook.io/web/v1/auth/oauth/token
This url accepts a POST request with the parameters:
| Request parameter | Description |
|---|---|
| client_id | Your client ID found in Developer Keys |
| grant_type | refresh_token |
| refresh_token | The REFRESH_TOKEN returned in the previous step |
| client_secret | Your secret key found in Developer Keys |
A successful request will return the JSON object with an access_token, same as the initial response for getting the Bearer token.
Here's an example of a request:
curl --request POST \
--url https://demo.checkbook.io/web/v1/auth/oauth/token \
--header 'application/x-www-form-urlencoded' \
--data 'client_id=313910200b834c009f62ae47feeee407&grant_type=refresh_token&refresh_token=v0sRbFofMnKB2GmMyGnoOsot1VbpDU'
Note
The previous request is for the demo environment and cannot be used for an actual OAuth implementation. You will need to use either the sandbox or the production authorization endpoint.
Make API Calls
The BEARER_TOKEN (i.e. the access_token from the JSON response) will be used for authentication when making API requests, instead of the normal authorization header :
Authorization: bearer BEARER_TOKEN
So for the previous example, the authorization header would need to look like this:
Authorization: bearer Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z
Updated almost 2 years ago