Kobble
  1. Authorization
Kobble
  • Introduction
  • API Fundamentals
    • Idempotency
    • Rate Limits
  • Authorization
    • Authorization
    • Get access token
      POST
  • Beneficiaries
    • List all beneficiaries
      GET
    • Get beneficiary by ID
      GET
    • Create beneficiary
      POST
    • Update beneficiary
      PUT
  • Cards
    • Cards API
    • Get all cards
      GET
    • Create a new card
      POST
    • Get card by ID
      GET
    • Update card status
      PATCH
    • Replace or renew card
      POST
    • Generate card secret
      POST
  • Card Programs
    • Card Programs API
    • Get all programs
      GET
    • Create a new program
      POST
    • Get program by ID
      GET
  • Clients
    • Clients API
    • Get all clients
      GET
    • Get client by ID
      GET
    • Create a new client
      POST
    • Update client status
      PATCH
  • Endusers
    • Endusers API
    • Get all endusers
    • Create a new enduser
    • Get enduser by ID
  • Transactions
    • Transactions API
    • Get all transactions
    • Create a transaction
    • Get transaction by ID
    • Create manual credit transaction
    • Create manual debit transaction
  • Wallets
    • Wallets API
    • Get all wallets
    • Create a new wallet
    • Get wallet by ID
    • Update wallet
  • Relays
    • Relays API
    • Create subscription
  • Webhooks
    • Webhooks API
    • Webhook Signature Verification
    • Get all webhooks
    • Create a webhook
    • Delete a webhook
  1. Authorization

Authorization

Kobble Authorization API#

Overview#

The Authorization API provides a secure mechanism to obtain an access token using the OAuth 2.0 client credentials flow. This access token is required to authenticate API requests in the system.

Base URLs#

Use the appropriate base URL depending on the environment:
Development: https://dev.apikobble.net/
Staging: https://staging.apikobble.net/
Ensure you prepend the base URL to each endpoint while making requests.

Endpoint#

URL:
oauth2/token
Method:
POST
Content-Type:
application/x-www-form-urlencoded

Request Parameters#

ParameterTypeRequiredDescription
grant_typestringYesOAuth 2.0 grant type. Must be client_credentials.
client_idstringYesThe client identifier issued during registration.
client_secretstringYesThe secret key associated with the client.
scopestringYesThe access scope. Options are:
- client/read
- client/write
- administrator/read
- administrator/write

Sample Request#

Sample Response#

Authorization API Notes and Error Codes#

Notes#

1.
The access_token is a JWT used to authenticate subsequent API requests.
2.
The token's lifespan is defined in the expires_in field (in seconds). A new token must be requested once it expires.
3.
The scope determines the level of access granted. Use the following based on your needs:
Read-only access:
client/read
administrator/read
Write access:
client/write
administrator/write
4.
Keep your client_secret secure and never expose it in your application code or client-side scripts.

Error Codes#

Status CodeDescription
400Bad Request - Invalid parameters or missing data.
401Unauthorized - Invalid credentials or token.
403Forbidden - The client is not allowed access to the requested resource.
500Internal Server Error - An issue occurred on the server.
Modified at 2025-10-27 02:12:11
Previous
Rate Limits
Next
Get access token
Built with