Cross River Bank (CRB) uses the oAuth open standard to enable authentication for access to API services. Before calling any of our exposed APIs, you need to receive a bearer token from the oAuth server. When you call APIs in the future, this is the token to copy and paste into your API calls.

The sandbox URL is

For more information on our oAuth process, contact customer support.



The token expires after 60 minutes (the server reads 3600 seconds). If 60 minutes has passed and you want to call more APIs you have to call the token again. You will receive the same token in return.

Sample access token call in cURL

curl -X POST  -H 'authorization: Basic
xxxxxxxxxx'  -H 'cache-control: no-cache'  -H 'content-type: application/x-www-form-
urlencoded'  -d 'grant_type=client_credentials&scope=crbapi'

If the authentication is successful, the Status Code is OK.

The x-www-form-urlencoded body

These are the criteria you should see. The x-www-form-urlencoded body must contain the following key-value pairs:

  • grant_type/ client_credentials
  • scope/crbapi

Did this page help you?