{"componentChunkName":"component---src-templates-simple-markdown-js","path":"/api-docs/best-practices/authentication/","matchPath":"","result":{"data":{"markdownRemark":{"html":"

Authentication

\n

To make a payment using any of the Ripple Payments API operations, you need a valid access token.

\n

This access token is required by all Ripple Payments API operations (except the Authentication operation itself). You must include a valid access token in the Authorization header of each request.

\n

Ripple Payments provides a secure model for authentication and authorization by providing access tokens scoped for a set of credentials.

\n

The Authentication operation returns an access token in the access_token response field. You must include your client_id and client_secret in the JSON body to get a valid access token.

\n
Note

The length of the access token isn't fixed, hence it can vary. Avoid validating tokens based on character length.

\n

Generate client ID and client secret

\n

You need your client ID and client secret to obtain an access token.

\n

If you don't already have your client ID and client secret, do the following:

\n
    \n
  1. \nLog in to \nRipple Payments\n.\n
    2. \n
  2. \nOn the top right of the page, click the \nSettings\n gear icon.\n
    3. \n
  3. \nUnder \nIntegration\n, select \nAPI Credentials\n.\n
    4. \n
  4. \nOn the top right of the page, select the access environment from the dropdown list. For example, to provision credentials for the Test environment, select \nTest\n from the dropdown list.\n
    5. \n
  5. \nIn the upper right corner of the page, click \nNew Credential\n.\n
    6. \n
  6. \nIn the \nCredential name\n field, enter a name for the credential.\n
    7. \n
  7. \nClick \nSave & Generate Key\n.\n
    8. \n
\n\n
Warning

The client secret is displayed only once when you are creating new credentials.

You can't retrieve the secret after exiting this page.

Copy and store the client secret securely and share it with authorized individuals in accordance with your organization's security policy.

\n

You can now use the client ID and client secret to generate access tokens using the authentication operation.

\n

We recommend rotating your API credentials at regular intervals in accordance with your organization's security policy.

\n

Fetch an access token

\n

Once you have your client ID and client secret, follow these steps to obtain an access token that you can use with Ripple Payments API calls:

\n

Determine the desired environment

\n

The first step to fetching an access token it to determine the environment that you want to access.

\n

The following table describes the differences in types of partners and currency for the environments that provide Ripple Payments API access. Take note of the environment string for the environment you want to access.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
EnvironmentRequest URLEnvironment StringPartnersCurrency
Testhttps://api.test.ripple.com/v2/oauth/tokentestSimulatedSimulated
Productionhttps://api.ripple.com/v2/oauth/tokenprodActualActual
\n

Request the access token

\n

The request format for an authentication request is as follows:

\n
\n
\n
Copy
\n
Copied!
\n
\n 
POST https://api.ripple.com/v2/oauth/token\nContent-Type: application/json\n{\n   \"grant_type\":\"client_credentials\",\n   \"client_id\":\"{YOUR_CLIENT_ID}\",\n   \"client_secret\":\"{YOUR_CLIENT_SECRET}\",\n   \"audience\": \"urn:ripplexcurrent-{ENVIRONMENT_STRING}:{YOUR_TENANT_ID}\"\n}
\n
\n

The expected values are as follows:

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Key
ValueDescription
grant_typeclient_credentialsSet the grant-type for this client credentials request.
client_id{YOUR_CLIENT_ID}Log into Ripple Payments UI to retrieve your client ID for Ripple Payments.
client_secret{YOUR_CLIENT_SECRET}Retrieve the client secret for Ripple Payments that was generated when you created the current set of credentials in Ripple Payments UI.
audienceurn:ripplexcurrent-{ENVIRONMENT_STRING}:{YOUR_TENANT_ID}The value of the audience field is based on URN syntax. The second component of the URN must refer to the environment which you want to access. Ripple integration engineers provide you your tenant ID (the third component of the URN) during training.
\n

Examples:

\n

Request Example (Production Environment Success) – A successful request to a production environment may look similar to the following example:

\n
\n
\n
Copy
\n
Copied!
\n
\n 
POST https://api.ripple.com/v2/oauth/token\nContent-Type: application/json\n{\n    \"grant_type\": \"client_credentials\",\n    \"client_id\": \"{YOUR_CLIENT_ID}\",\n    \"client_secret\": \"{YOUR_CLIENT_SECRET}\",\n    \"audience\": \"urn:ripplexcurrent-prod:{YOUR_TENANT_ID}\"\n}
\n
\n

Response Example (Production Environment Success) – A successful request returns a response similar to the following example:

\n
\n
\n
Copy
\n
Copied!
\n
\n 
{\n    \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ\",\n    \"expires_in\": 3600,\n    \"token_type\": \"Bearer\",\n    \"scope\": \"keys:read keys:write payments:create quotes:create identities:create audit:read\"\n}
\n
\n

Test the access token

\n

Use the /oauth/token/test endpoint to verify the validity of your access token for a specific Ripple environment and determine the remaining time before it expires.

\n

Example token test

\n

This example demonstrates how to use the /oauth/token/test endpoint to test an access token.

\n

Here, we apply the access token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ to the Authorization: Bearer header.

\n
\n
\n
Copy
\n
Copied!
\n
\n 
GET https://api.ripple.com/v2/oauth/token/test\nAuthorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ
\n
\n
Caution : Access tokens are confidential

Remember to replace the example token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ with your actual access token, and never share your access token publicly.

\n

Example token test response

\n

The response is a JSON object with the following properties:

\n\n
\n
\n
Copy
\n
Copied!
\n
\n 
{\n\"message\": \"token_ok\",\n\"seconds_to_expiry\": 3600\n}
\n
\n

Authorize Ripple Payments API operations using the access token

\n

Ripple Payments uses Bearer Token Authorization for all operations (except the Authentication operation itself). To make successful Ripple Payments API requests, include a valid access token in the Authorization header of each request in the following format:

\n
\n
\n
Copy
\n
Copied!
\n
\n 
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ
\n
\n

To use this in an in an API request, add the value of the access_token field to the Authorization header for all Ripple Payments API operations (except the Authentication operation itself). Remember to add Bearer (including a space) before the access token.

\n

For example:

\n
\n
\n
Copy
\n
Copied!
\n
\n 
GET https://api.ripple.com/v2/payments/{YOUR_PAYMENT_ID}\nAuthorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJ
\n
\n

Access token expiration and caching

\n

Access tokens are valid for 1 hour. After you get a new token, it is cached for a limited amount of time. To avoid problems caused by double caching, don't cache the token client-side. If you do cache the token, you must clear the cache within the time period specified by the expires_in field (as specified by the exp claim in the JWT) in the response body.

\n","headings":[{"value":"Authentication","depth":1},{"value":"Generate client ID and client secret","depth":2},{"value":"Fetch an access token","depth":2},{"value":"Determine the desired environment","depth":3},{"value":"Request the access token","depth":3},{"value":"Test the access token","depth":3},{"value":"Example token test","depth":4},{"value":"Example token test response","depth":4},{"value":"Authorize Ripple Payments API operations using the access token","depth":2},{"value":"Access token expiration and caching","depth":2}]},"contentItem":{"data":{"lastModified":"2025-11-13T00:24:58.000Z","enableToc":null,"disableLastModified":null,"tocMaxDepth":3,"requestLogin":false}},"siteConfig":{"enableToc":false,"disableLastModified":true,"tocMaxDepth":4}},"pageContext":{"matchPath":"","id":"33cb32a7-64b3-553c-800c-c5627d27c171__redocly content/api-docs/best-practices/authentication/","seo":{"title":"Authentication","description":null,"image":"","keywords":null,"jsonLd":null,"lang":null,"siteUrl":null},"pageId":"api-docs/best-practices/authentication.md","pageBaseUrl":"/api-docs/best-practices/authentication","type":"markdown","toc":{"enable":true,"maxDepth":3,"headings":[{"depth":1,"value":"Authentication","id":"authentication"},{"depth":2,"value":"Generate client ID and client secret","id":"generate-client-id-and-client-secret"},{"depth":2,"value":"Fetch an access token","id":"fetch-an-access-token"},{"depth":3,"value":"Determine the desired environment","id":"determine-the-desired-environment"},{"depth":3,"value":"Request the access token","id":"request-the-access-token"},{"depth":3,"value":"Test the access token","id":"test-the-access-token"},{"depth":4,"value":"Example token test","id":"example-token-test"},{"depth":4,"value":"Example token test response","id":"example-token-test-response"},{"depth":2,"value":"Authorize Ripple Payments API operations using the access token","id":"authorize-ripple-payments-api-operations-using-the-access-token"},{"depth":2,"value":"Access token expiration and caching","id":"access-token-expiration-and-caching"}]},"data":{"title":"","tocMaxDepth":3},"catalogInfo":null,"link":"/api-docs/best-practices/authentication/","sidebarName":"__root-sidebar__-data-69308394-sidebars.yaml","isLanding":false,"showPrevButton":null,"showNextButton":null,"apiVersions":null,"apiVersionId":null,"isDefaultApiVersion":null}},"staticQueryHashes":["1123603147","1302185487","1344209882","1398840060","1520077861","1975142765","2667623876","2950305614","3240152602","3743992808","561138138"]}