Overview
Every request to the Trace Finance API must include a valid JSON Web Token (JWT) in the Authorization header.
During onboarding you receive a client ID and client secret. Use these to obtain an access token from the Trace Finance authentication service.
Details
Obtaining a token
Request an access token from the token endpoint:
A successful response includes the token and its lifetime:
Using the token
Include the token in the Authorization header of every request:
The token contains your customer identity — no separate customer ID header is needed.
Token lifecycle
Tokens are valid for 23 hours (82,800 seconds). Follow these best practices:
- Store securely — keep the token in memory after obtaining it.
- Check before use — inspect the
exp claim in the JWT payload to confirm it has not expired.
- Rotate proactively — request a new token before the current one expires rather than waiting for a
401 response.
Do not request a new token for every API call. Reuse tokens until they expire.