4. Get the access token
In order to send requests to the API, you must first get your access token.
Request
You must provide the headers and parameters listed below.
Certificates
You must use a transport certificate and its private key in order to request an access token.
For Sandbox testing, you can use the
transport.pemcertificate file which you obtained in Convert certificates, together with the private key generated in step Generate a CSR.For Production, you must use a valid OBIE or eIDAS transport certificate from a regulated Certificate Authority (CA), and its corresponding private key.
Revolut Open Banking API servers use certificates issued by Open Banking Limited.
You can find the root and issuing certificates here if you need to add them to your truststore.
Headers
Content-Type: application/x-www-form-urlencoded
Parameters
grant_type: Must be set toclient_credentialsto get the access token.scope: Must be set toaccounts.
Example
The parameters -k or --insecure are not necessary if you added Open Banking Root and Issuing certificates to your truststore.
curl -k --cert transport.pem --key private.key \
--location -X POST 'https://oba-auth.revolut.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials' \
-d 'scope=accounts'
Response
The response contains the following JSON object:
{
"access_token":"<access token>",
"token_type":"Bearer",
"expires_in":2399
}
What's next
Use this access token as the authentication bearer for all subsequent requests to the API, as described in the Tutorials section. Once your token expires, repeat the steps above to create a new token.