Get access token
Returns a JWT access token using OAuth 2.0 Client Credentials. Send api_key and api_secret in the Authorization: Basic header as the base64-encoded string api_key:api_secret.
Credentials are managed in Conta Simples Internet Banking.
Important:
- The token expires in 30 minutes (
expires_in: 1800). - Refresh the token before it expires to avoid interruptions.
- Use
Content-Type: application/x-www-form-urlencodedin the body (onlygrant_type=client_credentials).
curl -X POST "https://api-sandbox.contasimples.com/oauth/v1/access-token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic YOUR_CREDENTIALS" \
--data-urlencode grant_type=client_credentials
import requests
import json
url = "https://api-sandbox.contasimples.com/oauth/v1/access-token"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic YOUR_CREDENTIALS"
}
data = {
"grant_type": "client_credentials"
}
response = requests.post(url, headers=headers, data=data)
print(response.json())
const params = new URLSearchParams();
params.append("grant_type", "client_credentials");
const response = await fetch("https://api-sandbox.contasimples.com/oauth/v1/access-token", {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic YOUR_CREDENTIALS"
},
body: params
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
"net/url"
"strings"
)
func main() {
data := url.Values{}
data.Set("grant_type", "client_credentials")
req, err := http.NewRequest("POST", "https://api-sandbox.contasimples.com/oauth/v1/access-token", strings.NewReader(data.Encode()))
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "Basic YOUR_CREDENTIALS")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api-sandbox.contasimples.com/oauth/v1/access-token')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/x-www-form-urlencoded'
request['Authorization'] = 'Basic YOUR_CREDENTIALS'
request.set_form([
["grant_type", "client_credentials"]
], 'application/x-www-form-urlencoded')
response = http.request(request)
puts response.body
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 1800
}
{
"error": "Bad Request",
"message": "The request contains invalid parameters or malformed data",
"code": 400,
"details": [
{
"field": "email",
"message": "Invalid email format"
}
]
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Not Found",
"message": "The requested resource was not found",
"code": 404
}
{
"error": "Internal Server Error",
"message": "An unexpected error occurred on the server",
"code": 500,
"requestId": "req_1234567890"
}
/oauth/v1/access-token
Target server for requests. Edit to use your own host.
Username for basic authentication
Password for basic authentication
Authorization: Basic {base64(api_key:api_secret)}The media type of the request body
OAuth 2.0 grant type. Always client_credentials.
Request Preview
Response
Response will appear here after sending the request
Authentication
Basic authentication credentials. API key and API secret as api_key:api_secret, base64-encoded. Header: Authorization: Basic \{base64(api_key:api_secret)\}
Body
OAuth 2.0 grant type. Always client_credentials.
client_credentialsResponses
JWT used to call the API. Pass it as Authorization: Bearer {token}.
Token type. Always Bearer.
BearerToken lifetime in seconds. Default: 1800 (30 minutes).
Invalid request. Check grant_type, Content-Type, and parameter format.
Invalid credentials. Check that the API key and API secret are correct.
Resource not found. Check the path and your permissions.
Internal server error. Retry with exponential backoff.