Get Access Token

curl --request POST \
  --url https://api.ibantrack.com/api-v1/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET

{
  "access_token": "eyJhbGciOiJIUzI1NiItOvR5cCI6IkpXVCJ9....",
  "token_type": "Bearer",
  "expires_in": 3600
}

POST

oauth2

token

Get Access Token

curl --request POST \
  --url https://api.ibantrack.com/api-v1/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET

{
  "access_token": "eyJhbGciOiJIUzI1NiItOvR5cCI6IkpXVCJ9....",
  "token_type": "Bearer",
  "expires_in": 3600
}

Authentication

The Ibantrack API uses the OAuth 2.0 Client Credentials flow where you exchange your client_id and client_secret for a temporary access_token.

Security Best Practices

Keep your credentials secret. Your Client ID and Client Secret have the power to perform financial verifications and incur costs. Never share them in client-side code, public repositories, or mobile applications.

Request Details

This specific endpoint requires the request body to be formatted as application/x-www-form-urlencoded.

Required Parameters

Parameter	Value	Description
`grant_type`	`client_credentials`	Must be exactly this value.
`client_id`	`YOUR_CLIENT_ID`	Provided in your Ibantrack Dashboard.
`client_secret`	`YOUR_CLIENT_SECRET`	Provided in your Ibantrack Dashboard.

Token Lifecycle

Expiration: Tokens are valid for 3600 seconds (1 hour).
Caching: We strongly recommend caching the token and reusing it until it expires. Requesting a new token for every single verification will trigger rate limits on the authentication server.

Using the token

Once you have received the access_token, you must include it in the header of all subsequent API calls:

Authorization: Bearer YOUR_ACCESS_TOKEN

Body

application/x-www-form-urlencoded

grant_type

string

required

Example:

"client_credentials"

client_id

string

required

Example:

"YOUR_CLIENT_ID"

client_secret

string

required

Example:

"YOUR_CLIENT_SECRET"

Response

200 - application/json

Access token issued

access_token

string

read-only

Example:

"eyJhbGciOiJIUzI1NiItOvR5cCI6IkpXVCJ9...."

token_type

string

read-only

Example:

"Bearer"

expires_in

integer

read-only

Example:

3600

Error Handling Verify IBAN holder

​Authentication

​Security Best Practices

​Request Details

​Required Parameters

​Token Lifecycle

​Using the token

Body

Response

Authentication

Security Best Practices

Request Details

Required Parameters

Token Lifecycle

Using the token