Once you receive the Public token, it must be exchanged for an Access token by calling the /connection/public_token/exchange endpoint. Exchanging a public token for an access token Your frontend code will listen for the event sent from the Widget that contains the Public token. You can then pass this token to your backend, where the actual exchange for an Access token will happen. This token is required to access your end-user’s account data.
⚠️ Important Security Note
This request must be made from your backend, not your frontend. Doing so protects your Client ID and secret keys from exposure.
To make the exchange request, include:
  • Your Client ID
  • The appropriate secret
  • The Public token tied to the connection
Once completed, you’ll receive:
  • A secure Access token
  • A Connection ID
You can use these for all future communications related to this specific connection.
You need the Access token for all data-related calls to the Deck API.
This token is virtually permanent for its specific connection — unless manually replaced.
Make sure to store it securely.