Authentication

The nCino Mortgage API uses OAuth 2.0 for authentication and authorization. For more information about OAuth, see one of the many beginner guides available online or visit the Official OAuth 2.0 specification page.

Authorization Flow

The nCino Mortgage API supports the client_credentials grant type. This allows API users to access the APIs using a key and secret. See Obtaining API Credentials for more information on how to retrieve an API Key and Secret.

❗️

API Secrets SHOULD NOT BE SHARED with anyone outside your organization, including nCino. Consider the API Secret a password that allows programmatic access to the entire organization.

Authenticating

To interact with endpoints on the nCino Mortgage API, a bearer token must be presented with each call. To retrieve this token, the API Client and Secret need to be used. Tokens are good for 5 minutes; after they expire, a new token will need to be provided.

Tokens are issued by making a POST call to <https://api.ncinomortgage.com/oauth/token>

The JSON-encoded body of the payload will include the following attributes:

| Attribute | Value |
| --- | --- |
| grant_type | client_credentials |
| client_id | API Key |
| client_secret | API Secret |

Example Request:

{
    "grant_type": "client_credentials",
    "client_id": "yRM9CBOEJVU7XUxGaynkCdr6jI1qIma9WeUCOjlcess",
    "client_secret": "VEongJJ_6NB_As74SEHALIhe3xf25F2rsMfoG1HrF72jNtjH2g"
}

Example Response:

{  
    "access_token": "eyJhbGciOiJIUzI1NiJ9.Ilhzc2dGWlc3WHh6QWE5OVItU1BMSVQte1wiaW52YWxpZF9hdFwiOlwiMjAyMy0wOC0yOCAxODoxNTo1NiAtMDYwMFwiLFwib3JnYW5pemF0aW9uX2d1aWRcIjpcImY1ZWU0OTNkLTY3NDktNDM3Ni1hOTNkLTdiMzQzNWMxNDY4NFwifSI.Z61ivHUkJRloFZAxlCD7-AHFSds-GlxQQRXA_t4EY7s",  
    "token_type": "Bearer",  
    "expires_in": 900,  
    "scope": "external",  
    "created_at": 1693260956  
}

All future requests must include the value presented in the access_token attribute as a Bearer Token.
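The flow above as a small client, added here as an example and not taken from nCino's own code: it requests a token, caches it, and renews it shortly before the lifetime reported in expires_in runs out. The environment variable names, the 30-second renewal margin, the Content-Type header and the class and function names are assumptions.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://api.ncinomortgage.com/oauth/token"  # endpoint given on this page


def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """POST the JSON-encoded client_credentials body; return the parsed response."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"},  # assumed for a JSON body
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class BearerTokenCache:
    """Caches the access token and renews it shortly before it expires."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch      # zero-argument callable returning the token response
        self._skew = skew        # renew this many seconds early (assumed margin)
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = resp["access_token"]
            # Use the lifetime the server reports rather than a hard-coded value.
            self._expires_at = self._clock() + max(0, resp["expires_in"] - self._skew)
        return {"Authorization": "Bearer " + self._token}


if __name__ == "__main__":
    # Credentials come from the environment (variable names are assumptions),
    # never from source code, and neither the secret nor the token is printed.
    cache = BearerTokenCache(lambda: fetch_token(
        os.environ["NCINO_CLIENT_ID"], os.environ["NCINO_CLIENT_SECRET"]))
    print(sorted(cache.auth_header()))  # header names only
```

Pass the dictionary returned by auth_header() as the request headers on every API call; the cache only contacts the token endpoint when the stored token is missing or about to expire.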


Troubleshooting

See Common Error Messages for assistance with more common errors when accessing the API.