Authenticate

📘
This example uses the https://api.sandbox.caliza.com/core-api/v1 base URL. Examples are provided in multiple languages (cURL, JavaScript, Python). If you're using Postman, Swagger, or any other API Graphical User Interface, use this URL to follow this guide.

To authenticate with the Caliza API, you'll need to obtain your credentials first. Follow these steps:

Access your Caliza dashboard at https://web.sandbox.caliza.com
On your dashboard, access your Profile information by clicking on Personal menu > Profile.
On the Profile screen, select step 2, Client Info.
Copy the Client ID and the Client Secret.

Once you have your credentials, you can authenticate using any of the following methods. Replace the placeholders ({{CLIENT_ID}}, {{CLIENT_SECRET}}, {{USERNAME}}, and {{PASSWORD}}) with your actual values:

curl --location --request POST 'https://api.sandbox.caliza.com/auth/realms/caliza/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id={{CLIENT_ID}}' \
--data-urlencode 'client_secret={{CLIENT_SECRET}}' \
--data-urlencode 'username={{USERNAME}}' \
--data-urlencode 'password={{PASSWORD}}'

const response = await axios.post(
  'https://api.sandbox.caliza.com/auth/realms/caliza/protocol/openid-connect/token',
  new URLSearchParams({
    grant_type: 'password',
    client_id: '{{CLIENT_ID}}',
    client_secret: '{{CLIENT_SECRET}}',
    username: '{{USERNAME}}',
    password: '{{PASSWORD}}'
  }),
  {
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded'
    }
  }
);

console.log('Access Token:', response.data.access_token);

import requests

    response = requests.post(
      'https://api.sandbox.caliza.com/auth/realms/caliza/protocol/openid-connect/token',
      headers={'Content-Type': 'application/x-www-form-urlencoded'},
      data={
        'grant_type': 'password',
        'client_id': '{{CLIENT_ID}}',
        'client_secret': '{{CLIENT_SECRET}}',
        'username': '{{USERNAME}}',
        'password': '{{PASSWORD}}'
      }
    )

    token_data = response.json()
    print('Access Token:', token_data['access_token'])

All three methods above return the same JSON response:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ0Z3V6eTVTWkZUWUhtVUVxU1FNaVJ6NUdVY28ydVFubXB6TXE1QlZteUlZIn0.eyJleHAiOjE3NjQxMjE3NjgsImlhdCI6MTc2NDA4NTc2OCwianRpIjoiNGIyYTBmMGItNGMyNy00N2E4LWI3YmUtYzU1OTk4Y2ZhNDc0IiwiaXNzIjoiaHR0cHM6Ly9hcGkuc2FuZGJveC5jYWxpemEuY29tL2F1dGgvcmVhbG1zL2NhbGl6YSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiJmOWE5ODI4NC1iMzRlLTRiMzAtYjdhZS00OWRkNmNmYzZhOGEiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJpbnRlZ3JhdG9yLVdyaXRlQ2hvaWNlLUdyb3VwLTItZjQ2ZjNmZTMtMDM5MC00ZDU1LTgxMWEtMTY0NzFjNzRiNmUxIiwic2Vzc2lvbl9zdGF0ZSI6ImM5MTk0ZWIyLTgzY2QtNGU4Ni04ZTk2LWFlZjE4YTQ2NjhhZSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiUk9MRV9WSUVXX0FDVElWSVRZIiwiUk9MRV9DUkVBVEVfVFJBTlNBQ1RJT05TIiwiUk9MRV9JTlRFR1JBVE9SIiwib2ZmbGluZV9hY2Nlc3MiLCJkZWZhdWx0LXJvbGVzLWNhbGl6YSIsIlJPTEVfTUFOQUdFX1BBWU1FTlRfQ09OVEFDVFMiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgb3BlbmlkIHByb2ZpbGUiLCJzaWQiOiJjOTE5NGViMi04M2NkLTRlODYtOGU5Ni1hZWYxOGE0NjY4YWUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6IldyaXRlQ2hvaWNlIEdyb3VwIDIgTW9yYWVzIiwiaW50ZWdyYXRvci1pZCI6IjY5MjA5MjVmZGJhZGZlMDliMWJmOWU1ZSIsInByZWZlcnJlZF91c2VybmFtZSI6InBhdWxvQHdyaXRlY2hvaWNlLmlvIiwiZ2l2ZW5fbmFtZSI6IldyaXRlQ2hvaWNlIEdyb3VwIDIiLCJmYW1pbHlfbmFtZSI6Ik1vcmFlcyIsImVtYWlsIjoicGF1bG9Ad3JpdGVjaG9pY2UuaW8ifQ.AbtX_qIv0FlMugy1w_VWhSj1FrAcTzV4DwenzrrNxylhtbT3_Q5nnG83iI08zkUBsVLNmVVZRD790h4M2qHQ6dJR-AGiWc-cC-9M8Wmf2Cy8eOWkZNozx4-eRIC6AYvnBI0cw6msU05F8nLEX8GMbZ1wWHEwaJsFj-jLc-9k7f7OokGXgPGW-huBgL91N-rh3FEkYAagx3m10QX2d9rTkFkHohluYFP_7v6rBboCWor-TeCqM7nc9owsw7NxG7ylRudZJR2xjFLPY-1-5YFo-AgViSANv66Ol5Miu7Jg_ylqhJm5lq9eHSqUlQaK0cJutuyqTacYs4ukD4sPKH8b9g",
    "expires_in": 86400,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlOTM5ZWQ3YS1kNjc0LTRlY2ItYTg4OC0zNzA3ZTY1ZDJhMmMifQ.eyJleHAiOjE3NjQwODc1NjgsImlhdCI6MTc2NDA4NTc2OCwianRpIjoiMzQwOTk5NjktMTkwNS00ZThlLWJkMDgtMDE1N2E4MWY5ZmE4IiwiaXNzIjoiaHR0cHM6Ly9hcGkuc2FuZGJveC5jYWxpemEuY29tL2F1dGgvcmVhbG1zL2NhbGl6YSIsImF1ZCI6Imh0dHBzOi8vYXBpLnNhbmRib3guY2FsaXphLmNvbS9hdXRoL3JlYWxtcy9jYWxpemEiLCJzdWIiOiJmOWE5ODI4NC1iMzRlLTRiMzAtYjdhZS00OWRkNmNmYzZhOGEiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiaW50ZWdyYXRvci1Xcml0ZUNob2ljZS1Hcm91cC0yLWY0NmYzZmUzLTAzOTAtNGQ1NS04MTFhLTE2NDcxYzc0YjZlMSIsInNlc3Npb25fc3RhdGUiOiJjOTE5NGViMi04M2NkLTRlODYtOGU5Ni1hZWYxOGE0NjY4YWUiLCJzY29wZSI6ImVtYWlsIG9wZW5pZCBwcm9maWxlIiwic2lkIjoiYzkxOTRlYjItODNjZC00ZTg2LThlOTYtYWVmMThhNDY2OGFlIn0.siKyXuWAarbs2schgFV2sW71pF__PjPNgY68PXBoTOg",
    "token_type": "Bearer",
    "not-before-policy": 0,
    "session_state": "c9194eb2-83cd-4e86-8e96-aef18a4668ae",
    "scope": "email openid profile"
}

The response contains your authentication token. You will find the access_token field in the response, which you'll use to authenticate all subsequent API requests.

💡
Extracting the token: In JavaScript, access the token via response.data.access_token. In Python, use response.json()['access_token']. For cURL, parse the JSON response to extract the access_token field.

Now you have an access token that's ready to access and operate with the Caliza API. Include this token in the Authorization header of all subsequent API requests as Authorization: Bearer {{ACCESS_TOKEN}}.

Next steps

How to get the integrator ID

Get your integrator ID.

How to manage beneficiaries

Manage your beneficiaries.

How to create virtual accounts

Manage your virtual accounts.

Manage Recipients

Manage your Recicipients.