CRB authentication

Cross River Bank (CRB) uses the oAuth open standard to enable authentication for access to API services. Before calling any of our exposed APIs, you need to receive a bearer token from the oAuth server. When you call APIs in the future, this is the token to copy and paste into your API calls. For more information, contact CRB.



The token expires after 60 minutes (the server reads 3600 seconds). If 60 minutes has passed and you want to call more APIs, you have to call the token again. You will receive the same token in return.

URL addresses

These are the addresses to call APIs for the CRB authentication sites in the sandbox and production environments.

  • Sandbox URL: https://
  • Production URL: https://

Sample access token call in cURL

curl -X POST  -H 'authorization: Basic
xxxxxxxxxx'  -H 'cache-control: no-cache'  -H 'content-type: application/x-www-form-
urlencoded'  -d 'grant_type=client_credentials&scope=crbapi'

If the authentication is successful, the Status Code is OK.

Sample request for an access token in Postman

  1. From the test collection you imported, click POST MPL User Token.
  2. In the Authorization tab, enter the username and password provided to you by CRB.
  3. Click Send.

If your credentials were entered correctly, an access_token shows in the body of the response, also referred to as a bearer token.

The x-www-form-urlencoded body

These are the criteria you should see. The x-www-form-urlencoded body must contain the following key-value pairs:

  • grant_type/ client_credentials
  • scope/crbapi


  • If you can't get a bearer token and you haven't received one in the past, take these steps:

    • Confirm the URL.
    • Check that the username and password are typed correctly. They are case sensitive.
    • Check your username and password against the one you received from CRB.
    • If the credentials are correct, ensure that the password hasn't expired.
    • Contact CRB if your account is locked as a result of 3 incorrect log in attempts.
      If you are still having trouble, contact CRB to obtain valid credentials.
  • If you can't get a bearer token and you have received one in the past, contact CRB.

Did this page help you?