Skip to main content
POST
/
oauth2
/
token
Get Access Token
curl --request POST \
  --url https://api.ibantrack.com/api-v1/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET
{
  "access_token": "eyJhbGciOiJIUzI1NiItOvR5cCI6IkpXVCJ9....",
  "token_type": "Bearer",
  "expires_in": 3600
}

Authentication

The Ibantrack API uses the OAuth 2.0 Client Credentials flow where you exchange your client_id and client_secret for a temporary access_token.

Security Best Practices

Keep your credentials secret. Your Client ID and Client Secret have the power to perform financial verifications and incur costs. Never share them in client-side code, public repositories, or mobile applications.

Request Details

This specific endpoint requires the request body to be formatted as application/x-www-form-urlencoded.

Required Parameters

ParameterValueDescription
grant_typeclient_credentialsMust be exactly this value.
client_idYOUR_CLIENT_IDProvided in your Ibantrack Dashboard.
client_secretYOUR_CLIENT_SECRETProvided in your Ibantrack Dashboard.

Token Lifecycle

  • Expiration: Tokens are valid for 3600 seconds (1 hour).
  • Caching: We strongly recommend caching the token and reusing it until it expires. Requesting a new token for every single verification will trigger rate limits on the authentication server.

Using the token

Once you have received the access_token, you must include it in the header of all subsequent API calls: 
Authorization: Bearer YOUR_ACCESS_TOKEN

Body

application/x-www-form-urlencoded
grant_type
string
required
Example:

"client_credentials"

client_id
string
required
Example:

"YOUR_CLIENT_ID"

client_secret
string
required
Example:

"YOUR_CLIENT_SECRET"

Response

200 - application/json

Access token issued

access_token
string
Example:

"eyJhbGciOiJIUzI1NiItOvR5cCI6IkpXVCJ9...."

token_type
string
Example:

"Bearer"

expires_in
integer
Example:

3600