Authentication options

Authenticating to our API

The Berkeley API uses the Bearer token authentication scheme for both Public and Private API tokens. All requests must contain an Authorization header.

`Authorization: Bearer <token>`

All API requests must be made over HTTPS for them to pass.

Public Token

A token that can be included in client-side applications such as web pages or mobile applications. This token only allows you to tokenize Financial Account information.

Private Token

This token should be kept secret and safe. It grants access to all methods in the Berkeley API except for tokenization. This API token should be used by the server component of your application.

Temporary keys

Temporary keys are a short-lived alternative to the standard bearer token. They can be used on all endpoints except those that create or delete an authentication key.
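
The scope rules above can be enforced in your own client code before a request leaves your application. The following is an added example, not code from the Berkeley API or its documentation: the operation labels, the `build_request` and `is_allowed` helpers, and the host used in the usage comment are assumptions made for illustration.

```python
from urllib.parse import urlsplit
from urllib.request import Request

# Operation labels are made up for this example; the page names no endpoint paths.
TOKENIZE, KEY_CREATE, KEY_DELETE, OTHER = "tokenize", "key_create", "key_delete", "other"

# Scope rules as stated on this page, one predicate per token kind.
ALLOWED = {
    "public": lambda op: op == TOKENIZE,                       # tokenization only
    "private": lambda op: op != TOKENIZE,                      # everything except tokenization
    "temporary": lambda op: op not in (KEY_CREATE, KEY_DELETE),  # no key create/delete
}

def build_request(url, token_kind, token, operation, method="GET", body=None):
    """Return a urllib Request carrying the bearer token, or raise ValueError."""
    parts = urlsplit(url)
    # Refuse plain HTTP so a token is never sent in cleartext.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API requests must use HTTPS")
    if token_kind not in ALLOWED:
        raise ValueError(f"unknown token kind: {token_kind!r}")
    if not ALLOWED[token_kind](operation):
        raise ValueError(f"{token_kind} token may not be used for {operation}")
    # Whitespace (including CR/LF) in a token would corrupt or split the header.
    if not token or any(c.isspace() for c in token):
        raise ValueError("token must be a non-empty string without whitespace")
    req = Request(url, data=body, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    return req

def is_allowed(url, token_kind, token, operation):
    """True if build_request would accept this combination."""
    try:
        build_request(url, token_kind, token, operation)
        return True
    except ValueError:
        return False

# Usage (constructed values; api.example.invalid is a placeholder host):
# req = build_request("https://api.example.invalid/v1/x", "private", token, OTHER)
```

The request object is only built, not sent, so the check can run in unit tests without network access.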