Getting an Access Token

Once you receive the Public token, it needs to be exchanged for an Access token by calling the /connection/public_token/exchange endpoint.

Your frontend code will listen to the event containing the Public token that is sent from the Widget. You can then make a call to your backend with this token in order to exchange it for an Access token, which is the key required to access your end-users' account data.

Make sure to send this call from your backend to ensure the security of your Client ID and keys. You need to include your Client ID, the appropriate secret and the Public token associated with this connection in the request to be able to exchange the Public token for an Access token. In the end, you will receive the secure Access token and a Connection ID which you can save for all future communications with respect to this connection.

Warning! 🔒 You will need the Access token for all calls relating to data made to the endpoints of the Deck API. The Access token should work for the specific connection it was created for until it is manually replaced. It is virtually permanent — make sure you keep it safe!