
Overview

Every request to the Trace Finance API must include a valid JSON Web Token (JWT) in the Authorization header. During onboarding you receive a client ID and client secret. Use these to obtain an access token from the Trace Finance authentication service.

Details

Obtaining a token

Request an access token from the token endpoint:
curl --request POST \
  --url https://api.sandbox.tracefinance.com/api/oauth/client/token \
  --header 'Content-Type: application/json' \
  --data '{
    "clientId": "YOUR_CLIENT_ID",
    "clientSecret": "YOUR_CLIENT_SECRET"
  }'
A successful response includes the token and its lifetime:
{
  "accessToken": "eyJhbGciOiJSUzI1NiIs...",
  "tokenType": "Bearer",
  "expiresIn": 82800
}

Using the token

Include the token in the Authorization header of every request:
curl --request GET \
  --url https://api.sandbox.tracefinance.com/api/accounts \
  --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIs...'
The token contains your customer identity — no separate customer ID header is needed.

Token lifecycle

Tokens are valid for 23 hours (82,800 seconds). Follow these best practices:
  1. Store securely — keep the token in memory after obtaining it.
  2. Check before use — inspect the exp claim in the JWT payload to confirm it has not expired.
  3. Rotate proactively — request a new token before the current one expires rather than waiting for a 401 response.
Do not request a new token for every API call. Reuse tokens until they expire.
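
The lifecycle practices above, as an added example (not Trace Finance code): an in-memory cache that reads the exp claim from the JWT payload and requests a new token shortly before expiry. The names TokenCache, fetch_token, refresh_margin (300 seconds here) and make_sample_token are assumptions; fetch_token stands for whatever function POSTs your client ID and secret to the token endpoint and returns the JSON response as a dict.

```python
import base64
import json
import threading
import time


def jwt_exp(token):
    """Return the exp claim (Unix seconds); decodes only, no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    exp = json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    if not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return exp


class TokenCache:
    """Keeps one access token in memory and renews it before it expires."""

    def __init__(self, fetch_token, refresh_margin=300, clock=time.time):
        self._fetch = fetch_token      # hypothetical: returns the token response as a dict
        self._margin = refresh_margin  # assumed margin, in seconds before exp
        self._clock = clock            # injectable so expiry can be tested offline
        self._lock = threading.Lock()  # prevents duplicate token requests across threads
        self._token, self._exp = None, 0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._exp - self._margin:
                token = self._fetch()["accessToken"]
                self._exp = jwt_exp(token)  # reject a token without exp before caching it
                self._token = token
            return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


def make_sample_token(exp):
    """Constructed, unsigned sample JWT for offline runs; not a real API token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"exp": exp}), "c2ln"])
```

The exp check here only decides when to rotate; the API still validates the token's signature and expiry on every request, so a 401 should also trigger a fresh token request.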