Authentication

An application provides your with a Client ID and Secret Key that you need to create an authenticated OAuth2 session you can use to communicate with Wink and TripPay APIs.

Here are the steps to create an authenticated session.

Step 1. Retrieve an access token on staging or in our production environment:

You will, most likely, be working with a robust OAuth2 library for your language, which will do all the heavy lifting for you. Our examples will show the most basic usage from the command line using curl.

Staging
Production

curl -X POST https://staging-iam.wink.travel/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<YOUR_CLIENT_ID>" \
  -d "client_secret=<YOUR_SECRET_KEY>"

curl -X POST https://iam.wink.travel/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<YOUR_CLIENT_ID>" \
  -d "client_secret=<YOUR_SECRET_KEY>"

This will return an access token, along with other OAuth2 response data:

{
  "access_token": "abc123"
}

When you make a call to any of our endpoints, include the following in the header:

Wink-Version = 2.0 Latest - See our API docs for other available versions.
Authentication = Bearer: ${access_token} Insert your access token.