Authentication
AbbeyCross leverages the industry-standard OAuth 2.0 protocol for seamless authentication and authorization processes.
Clients will receive API access credentials tailored for our sandbox environment as part of the initial onboarding process. These credentials comprise a Client ID and a Client Secret.
The Client Secret is highly sensitive because it can be used to impersonate your institution within the AbbeyCross Platform API. Handle and store it with care: restrict access to a select few and keep it in a secure secret storage solution. Ideally, it should be segregated from other AbbeyCross data, such as user API access tokens.
For a comprehensive understanding of the OAuth 2.0 framework, we recommend refreshing your knowledge through this article.
Generate access token
Generating an OAuth 2.0 access token is a fundamental step in securing access to protected resources within financial systems and APIs. Typically, this process involves the client application presenting its credentials, such as a client ID and client secret, to the authorization server.
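The following added example, which is not AbbeyCross code, shows one way to apply the handling advice above: the Client Secret is wrapped so it cannot leak through logging, and the token request is built with the credentials in the `Authorization` header. The token URL is a placeholder, and the `ABX_*` variable names and the use of the RFC 6749 client-credentials grant with HTTP Basic client authentication are assumptions; this page does not specify them.

```python
import base64
import os
import urllib.parse
import urllib.request

# Placeholder: the real token endpoint is not given on this page.
TOKEN_URL = "https://auth.example.invalid/oauth/token"


class ClientSecret:
    """Holds the secret so it cannot leak through repr(), str() or logging."""

    def __init__(self, value: str):
        if not value:
            raise ValueError("client secret is empty")
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "ClientSecret(****)"

    __str__ = __repr__


def load_credentials(env=os.environ):
    """Read credentials injected by a secret store (hypothetical variable names)."""
    try:
        return env["ABX_CLIENT_ID"], ClientSecret(env["ABX_CLIENT_SECRET"])
    except KeyError as missing:
        raise RuntimeError(f"credential not provisioned: {missing}") from None


def build_token_request(client_id, secret, token_url=TOKEN_URL):
    """Build (do not send) a client-credentials token request (assumed grant type)."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    # RFC 6749 section 2.3.1: form-encode id and secret, then use HTTP Basic.
    pair = ":".join(urllib.parse.quote_plus(p) for p in (client_id, secret.reveal()))
    basic = base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_url, data=body, method="POST", headers=headers)
```

Pass the returned request to `urllib.request.urlopen` once the real endpoint is configured, and store the resulting access token separately from the Client Secret.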