User authentication

Authentication is a crucial aspect of accessing resources in the Bridge API. Some resources are public, like banks and categories, where only a Client-Id is required. However, for most resources, authentication with a logged-in user is necessary.

To authenticate a user in a Server-to-Server manner, follow these steps:

Step 1: Authenticate User

Use the following endpoint to authenticate a user:


The User resource is an abstraction of the end user, so you need to authenticate him in a Server-to-Server way. That means no action is needed from his part.

curl '' \
	-X POST \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Content-Type: application/json' \  
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-d $'{
  	"email": "[email protected]",
  	"password": "password123"

The response will contain an access_token:

  "access_token": "...",
  "expires_at": "2019-05-06T11:08:25.040Z",
  "user": {
    "uuid": "c2a26c9e-dc23-4f67-b887-bbae0f26c415",
    "email": "[email protected]"

Step 2: Use Access Token

To perform authenticated API calls, include the access_token in the Authorization request header using the bearer authentication scheme. Here's an example:

curl "" \
	-X GET \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-H 'Authorization: Bearer TOP_SECRET_ACCESS_TOKEN'


Session expiration

Keep in mind that the OAuth token is valid for two hours (UTC+0) after issuance. If the token expires, attempts to make calls with it will result in an HTTP 401 error, requiring a new authentication.