Skip to content

Authentication API

The Authentication API allows you to generate access tokens to authenticate with Ripple APIs.

All API operations require an access token specific to the environment you're using. Ripple provides a secure model for authentication and authorization by providing access tokens scoped for a set of credentials.

The Authentication operation returns an access token in the access_token response field. You must include your client_id and client_secret in the JSON request body to get a valid access token.

Generate client ID and client secret

You will need your client ID and client secret to obtain an access token.

If you do not already have your client ID and client secret, do the following:

  1. Log into Ripple Payments UI.
  2. In the left navigation menu, click Settings.
  3. Under Administration, click API Credentials.
  4. In the dropdown list next to the page title, select the access environment. For example, to provision credentials for the test environment, select Test from the dropdown list.
  5. In the upper right corner of the page, click New Credential.
  6. Click Save and Generate Key.

Caution: The client secret is displayed only once when you are creating new credentials. You cannot retrieve the secret after exiting this page. Copy and store the client secret securely and share it with authorized individuals in accordance with your organization's security policy.

You can now use the client ID and client secret to generate access tokens using the Authentication operation.

We recommend rotating your API credentials at regular intervals according to your organization's security policy.

Fetch an access token

Once you have your client ID and client secret, follow these steps to get an access token to use with Ripple Payments Direct API calls:

Step 1: Determine the desired environment

The first step to request an access token is to determine the environment where you want to use the API.

The following table describes the different environments that provide Ripple Payments Direct API access. Take note of the environment string for the environment you want to access.

EnvironmentRequest URLEnvironment StringCurrency
Testhttps://auth-test.rnc.ripplenet.com/oauth/tokentestSimulated
Productionhttps://auth.rnc.ripplenet.com/oauth/tokenprodActual
Languages
Servers
Mock server

https://docs.ripple.com/_mock/products/payments-direct/api-docs/auth-proxy/reference/auth-proxy-external/

Authentication

Operations

Request an access token

Request

Request an access token for authentication with Ripple APIs.

You need to request a token for the environment you want to authenticate with.

Note: The length of the access token isn't fixed, hence it can vary. Avoid validating tokens based on character length.

Environments

EnvironmentDomainDescription
Testauth-test.rnc.ripplenet.comTest environment with simulated partners and simulated currency.
Productionauth.rnc.ripplenet.comProduction environment for Ripple's internal services.
Security
BasicAuth
Headers
Authorizationstring

Optional base64-encoded client_id:client_secret.

If provided here they aren't required in the request body.

Example: Basic ZGVtbzpwQDU1dzByZA==
Body
required
client_idstringrequired

The client ID associated with a specific set of API credentials.

See API authentication for instructions obtaining your client ID.

Example: "{YOUR_CLIENT_ID}"
client_secretstringrequired

The client secret associated with a specific set of API credentials.

See API authentication for instructions obtaining your client secret.

Example: "{YOUR_CLIENT_SECRET}"
audiencestringrequired

The value of the audience field is based on URN syntax.

Format: urn:ripplexcurrent-{ENVIRONMENT_STRING}:{YOUR_TENANT_ID}

  • The first component is urn:ripplenetxcurrent-.
  • The second component refers to the environment you want to access.
  • The third component is your tenant ID. Ripple integration engineers provide this component during training.
EnvironmentEnvironment stringDescription
TesttestTest environment with simulated partners and simulated currency.
ProductionprodProduction environment for Ripple's internal services.

Example: urn:ripplexcurrent-prod:{YOUR_TENANT_ID}

Example: "urn:ripplexcurrent-prod:{YOUR_TENANT_ID}"
grant_typestringrequired

Set the grant-type for this client credentials request. This must be set to client_credentials.

Value"client_credentials"
Example: "client_credentials"
curl -i -X POST \
  -u <username>:<password> \
  https://docs.ripple.com/_mock/products/payments-direct/api-docs/auth-proxy/reference/auth-proxy-external/oauth/token \
  -H 'Authorization: Basic ZGVtbzpwQDU1dzByZA==' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "{YOUR_CLIENT_ID}",
    "client_secret": "{YOUR_CLIENT_SECRET}",
    "audience": "urn:ripplexcurrent-prod:{YOUR_TENANT_ID}",
    "grant_type": "client_credentials"
  }'

Responses

Returns the authentication response object that includes the token, type, scopes, and expiry.

Bodyapplication/json
access_tokenstring

The bearer token you use when authenticating with a Ripple API.

Example: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ"
scopestring

List of scopes applied to your access_token.

Example: "identities:create identities:read identities:write quote_collections:write payments:accept payments:read routing_table:lookup"
expires_ininteger(int64)

How long your access_token is valid. You need to request a new token when it expires.

Example: 3600
token_typestring

The type of token. Ripple APIs use Bearer auth tokens.

Example: "Bearer"
Response
application/json
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ",
  "scope": "identities:create identities:read identities:write quote_collections:write payments:accept payments:read routing_table:lookup",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Test access token

Request

Test if an access token can be used for authentication with Ripple APIs and how much time remains on it.

Security
Bearer
curl -i -X GET \
  https://docs.ripple.com/_mock/products/payments-direct/api-docs/auth-proxy/reference/auth-proxy-external/oauth/token/test \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

If a valid access token is supplied, the time remaining before the token expires is returned.

Bodyapplication/jsonArray [
messagestring

Success message

Example: "token_ok"
seconds_to_expiryinteger(int64)

Remaining time in seconds before the tested token expires.

Example: 3600
]
Response
application/json
[
  {
    "message": "token_ok",
    "seconds_to_expiry": 3600
  }
]