In order to successfully authenticate to Bud’s API services, you will first need to create a set of API credentials. This can be achieved from within the Developer Console!
The developer console allows you to manage your access to Bud's API services through the creation of different Projects. On the creation of a new project, you will be provided with an
api-credentials-secret. Please store your
api-credentials-secret securely as you will be unable to retrieve it again from Bud.
Projects (and therefore API credentials) are specific to the relevant Bud environment in which you are enrolled. If you are enrolled in more than a single Bud environment (e.g. Bud's Sandbox environment and Bud's Production environment), then you are able to toggle between these two environments within the developer console via a drop-down menu at the top of the left-hand side navigation bar (please note that this drop-down menu is not seen when enrolled into a single Bud environment).
Projects can be created, renamed, and deleted, all from within the developer console. In addition, you are able to configure webhooks specific to a given Project. These webhooks are callback URLs, which must be configured in order to use some of Bud’s products and services such as Bud’s Open Banking Aggregation solution.
Please note that by default, all users are enrolled in Bud's Sandbox environment only. Bud's sandbox environment is a mirror or Bud's production environment, however, it only permits the use of dummy data.
Having acquired a set of API credentials from the developer console, the next step is to use them to obtain valid access and refresh tokens.
Authentication to Bud’s API services is made via OAuth2 protocol, whereby your API Credentials are used in exchange for a valid
access_token is valid for a limited amount of time (one hour!), after which it will expire and you will then have to use the
refresh_token in order to obtain a new one.
Access and refresh tokens are obtained via the POST
/v1/oauth/token endpoint. Specify the
client_credentials within the request body and use HTTP Basic authentication within the request header. The basic authentication header is simply a base64 encoding of your API credentials, i.e.
Example curl request:
curl --basic --user : \
-X POST https://api-sandbox.thisisbud.com/v1/oauth/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
In order to obtain an
access_token by using a valid
refresh_token, simply make a request to the same endpoint but:
grant_typefield within the request payload to
refresh_tokenwithin the payload under the key
api-credentials-idwithin the request header under a key called
For more additional documentation in obtaining access and refresh tokens, please refer to the relevant section in Bud's API documentation.