The InvestReady API uses OAuth 2 for authentication. OAuth 2 can be a little tricky to get started with, and to make it easier we suggest you use an existing SDK.

Token Expiration

To keep an API secure, it is good practice to expire tokens so that if they get into the wrong hands, minimal or no damage can be done.

access_tokens expire after 90 days, which can be seen by the expires_in that comes back from a successful /token request.

refresh_tokens expire after two years, which means they should be usable for at least that amount of time unless the user revokes permission or your refresh your tokens via the /token endpoint.

Refreshing Tokens

Before making an API request, you should first check if the token you are going to use has expired.

<?php

  //get the following from your database
  $access_token   = '1234';
  $refresh_token  = '5678';
  $expires_in     = 3600;
  $created_at     = 1470662749;

  $client = new GuzzleHttp\Client();

  //check if the access_token is expired
  if ($created_at + $expires_in < now()) {

    //the token is expired, get a new one
    $response = $client->post('https://api.investready.com/oauth/token', [
      'body' => [
        'grant_type'    => 'refresh_token',
        'client_id'     => 'YOUR_CLIENT_ID',
        'client_secret' => 'YOUR_CLIENT_SECRET',
        'redirect_uri'  => 'YOUR_CLIENT_REDIRECT_URI',
        'refresh_token' => $refresh_token
      ]
    ])->json();
    
    //save this new data to your database
    $access_token   = $response['access_token'];
    $refresh_token  = $response['$refresh_token'];
    $expires_in     = $response['$expires_in'];
    $created_at     = now();

  }

  //proceed to make your API call

Access Token Types

Authorized User Request
Are tokens associated to a particular user that are gained through the traditional oAuth2 Connecting to an Account.
Usage Examples:

  • Request/Submit Verification Data
  • Update User
  • Etc

Client Credentials
Are tokens that are associated to a particular application, and are created using the Getting Started with InvestReady.
Usage Examples:

  • Listing Synced Users
  • Billing
  • Etc