In order to successfully authenticate to Bud’s API services, you will first need to create a set of API credentials. This can be achieved from within the Developer Console!
The developer console allows you to manage your access to Bud's API services through the creation of different Projects. On the creation of a new project, you will be provided with an api-credentials-id
and api-credentials-secret
. Please store your api-credentials-secret
securely as you will be unable to retrieve it again from Bud.
Projects (and therefore API credentials) are specific to the relevant Bud environment in which you are enrolled. If you are enrolled in more than a single Bud environment (e.g. Bud's Sandbox environment and Bud's Production environment), then you are able to toggle between these two environments within the developer console via a drop-down menu at the top of the left-hand side navigation bar (please note that this drop-down menu is not seen when enrolled into a single Bud environment).
Projects can be created, renamed, and deleted, all from within the developer console. In addition, you are able to configure webhooks specific to a given Project. These webhooks are callback URLs, which must be configured in order to use some of Bud’s products and services such as Bud’s Open Banking Aggregation solution.
Please note that by default, all users are enrolled in Bud's Sandbox environment only. Bud's sandbox environment is a mirror or Bud's production environment, however, it only permits the use of dummy data.
Having acquired a set of API credentials from the developer console, the next step is to use them to obtain valid access and refresh tokens.
Authentication to Bud’s API services is made via OAuth2 protocol, whereby your API Credentials are used in exchange for a valid access_token
and refresh_token
. The access_token
is valid for a limited amount of time (one hour!), after which it will expire and you will then have to use the refresh_token
in order to obtain a new one.
Access and refresh tokens are obtained via the POST /v1/oauth/token
endpoint. Specify the grant_type
as client_credentials
within the request body and use HTTP Basic authentication within the request header. The basic authentication header is simply a base64 encoding of your API credentials, i.e. base64({api-credentials-id}:{api-credentials-secret})
.
Example curl request:
curl --basic --user : \
-X POST https://api-sandbox.thisisbud.com/v1/oauth/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d grant_type=client_credentials
Successful response:
{
"operation_id": "oauth_token_post",
"data": {
"access_token": "dd0c17e3fd6d2ce94aa091257a3ea393b4f9b5cf3d3e998f07dc9826da86ff15",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "fac32cca7559d9f6e8f1dfe9a99c71fa1dcfeb482bedf287d7934d2667ae54b3"
}
}
In order to obtain an access_token
by using a valid refresh_token
, simply make a request to the same endpoint but:
grant_type
field within the request payload to refresh_token
;refresh_token
within the payload under the key refresh_token
;api-credentials-id
within the request header under a key called X-Client-Id
.For more additional documentation in obtaining access and refresh tokens, please refer to the relevant section in Bud's API documentation.
Bud is the trading name of Bud Financial Limited, a company registered in England and Wales (No. 9651629).
Bud Website - Privacy Policy | Terms & Conditions | Data privacy statement for candidates | Cookie Notice | Bud Sandbox Terms and Conditions | Your rights - Payments | End User Agreement
Bud® is authorised and regulated by the Financial Conduct Authority under registration number 765768 + 793327.