Skip to main content

Overview

Every request to the Trace Finance API must include a valid JSON Web Token (JWT) in the Authorization header. During onboarding you receive a client ID and client secret. Use these to obtain an access token from the Trace Finance authentication service.

Details

Obtaining a token

Request an access token from the token endpoint:
A successful response includes the token and its lifetime:

Using the token

Include the token in the Authorization header of every request:
The token contains your customer identity — no separate customer ID header is needed.

Token lifecycle

Tokens are valid for 23 hours (82,800 seconds). Follow these best practices:
  1. Store securely — keep the token in memory after obtaining it.
  2. Check before use — inspect the exp claim in the JWT payload to confirm it has not expired.
  3. Rotate proactively — request a new token before the current one expires rather than waiting for a 401 response.
Do not request a new token for every API call. Reuse tokens until they expire.