CRB authentication

Cross River Bank (CRB) uses the oAuth open standard to enable authentication for access to API services. Before calling any of our exposed APIs, you need to receive a bearer token from the oAuth server. When you call APIs in the future, this is the token to copy and paste into your API calls. For more information, contact CRB.



Every time you send a request for a token, a new token is issued, which is valid for 60 minutes (the server reads 3600 seconds). If 60 minutes has passed, the token has expired and you have to call for a new token.

We recommend that you don't send a call for a token more than 2-3 times per hour; the system may block you due to security reasons.

URL addresses

These are the addresses to call APIs for the CRB authentication sites in the sandbox and production environments.

Sample access token call in cURL

curl -X POST  -H 'authorization: Basic
xxxxxxxxxx'  -H 'cache-control: no-cache'  -H 'content-type: application/x-www-form-
urlencoded'  -d 'grant_type=client_credentials&scope=crbapi'

If the authentication is successful, the Status Code is OK.

Sample request for an access token in Postman

  1. From the test collection you imported, click POST MPL User Token.
  2. In the Authorization tab, enter the username and password provided to you by CRB.
  3. Click Send.

If your credentials were entered correctly, an access_token shows in the body of the response, also referred to as a bearer token.

The x-www-form-urlencoded body

These are the criteria you should see. The x-www-form-urlencoded body must contain the following key-value pairs:

  • grant_type/ client_credentials
  • scope/crbapi


  • If you can't get a bearer token and you haven't received one in the past, take these steps:

    • Confirm the URL.
    • Check that the username and password are typed correctly. They are case sensitive.
    • Check your username and password against the one you received from CRB.
    • If the credentials are correct, ensure that the password hasn't expired.
    • Contact CRB if your account is locked as a result of 3 incorrect log in attempts.
      If you are still having trouble, contact CRB to obtain valid credentials.
  • If you can't get a bearer token and you have received one in the past, contact CRB.

Did this page help you?