Access Token
Every request to a protected endpoint requires a short-lived Bearer token. Exchange your source-key for a JWT valid for 5 minutes to authenticate downstream API requests.
How It Works
Contact technology@mysourcebank.com to receive your source-key. It will be shared with you through a private, secure channel.
Call the Get Access Token endpoint, passing your source-key as a request header. The server returns a signed JWT accessToken.
Attach the returned token to every subsequent call as Authorization: Bearer <token>. This grants access to all protected endpoints.
The token expires in 5 minutes (expiresIn: 300). Build proactive token refresh into your client to prevent 401 Unauthorized errors during active sessions.
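One way to implement the proactive refresh described in the steps above, added here as an example and not the API provider's own client code. The page does not give the token endpoint URL or the name of the source-key header, so the HTTP call is passed in as a hypothetical `fetch_token` callable that returns the parsed JSON body; `TokenCache`, `refresh_margin` and `call_with_token` are illustrative names as well.

```python
import threading
import time


class TokenCache:
    """Holds the JWT in memory and renews it before expiresIn elapses."""

    def __init__(self, fetch_token, refresh_margin=30.0, clock=time.monotonic):
        # fetch_token (assumption): calls the Get Access Token endpoint with the
        # source-key header and returns {"accessToken": ..., "expiresIn": ...}.
        self._fetch = fetch_token
        self._margin = refresh_margin      # renew this many seconds early
        self._clock = clock                # injectable so tests need no sleep
        self._lock = threading.Lock()      # one renewal at a time across threads
        self._token = None
        self._renew_at = 0.0

    def get(self, force=False):
        """Return a token that is still valid, fetching a new one if needed."""
        with self._lock:
            if force or self._token is None or self._clock() >= self._renew_at:
                started = self._clock()
                body = self._fetch()
                token, lifetime = body.get("accessToken"), float(body.get("expiresIn", 0))
                if not token or lifetime <= 0:
                    raise ValueError("token response lacks accessToken or expiresIn")
                # Count the lifetime from before the request was sent, so network
                # latency can only make the client renew earlier, never later.
                self._token = token
                self._renew_at = started + max(lifetime - self._margin, 0.0)
            return self._token

    def auth_header(self, force=False):
        # The token is a credential: keep it out of logs and error messages.
        return {"Authorization": f"Bearer {self.get(force)}"}


def call_with_token(cache, send):
    """send(headers) -> (status, body). On 401, renew once and retry once."""
    status, body = send(cache.auth_header())
    if status == 401:
        status, body = send(cache.auth_header(force=True))
    return status, body
```

The single forced retry covers a token that lapsed between the cache check and the server's validation; a second 401 is returned to the caller rather than retried in a loop.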
Security Requirements
Access tokens are valid for 5 minutes only. Implement automatic renewal in your integration — requests with a lapsed token will be rejected with 401 Unauthorized.
Our APIs only accept requests from pre-approved IP addresses. Requests originating from outside the allowed list are rejected. Contact us to register your server IPs before going live.