All API operations in UAT and Production require a Bearer access token specific to the environment you're using. Ripple provides a secure model for authentication and authorization by providing access tokens scoped for a set of credentials.
You will need your client ID and client secret to obtain an access token.
If you do not already have your client ID and client secret, do the following:
- Log into the Ripple Collections UI.
- In the left navigation menu, click Settings.
- Under Administration, click API Credentials.
- In the dropdown list next to the page title, select the access environment. For example, to provision credentials for the test environment, select Test from the dropdown list.
- In the upper right corner of the page, click New Credential.
- Click Save and Generate Key.
Caution: The client secret is displayed only once when you are creating new credentials. You cannot retrieve the secret after exiting this page. Copy and store the client secret securely and share it with authorized individuals in accordance with your organization's security policy.
You can now use the client ID and client secret to generate access tokens using the Request an access token operation.
To get an access token, use the Request an access token operation with your client_id and client_secret. The response contains a token in the access_token field.
We recommend rotating your API credentials at regular intervals according to your organization's security policy.
Note: Authentication tokens are not a fixed length and can vary, avoid validating tokens based on character length.