Calico API

Authentication

To integrate an end-user’s data into your application, they must first authenticate with their digital assets and grant permission for their data to be shared.

Authentication Flow

Calico uses the OAuth 2.0 PKCE flow to keep user authentication secure and seamless. This industry-standard approach ensures that users can connect their financial accounts and share data with your app—without needing to manage sensitive credentials.

[Figure: authentication flow]

How to integrate users' financial data

End-user Calico account creation

The user creates a Calico account by providing an email address or phone number.

User Authentication

The user is redirected to authenticate with their financial provider.

User Consent

The user grants permission to share their data with your app.

Token Issuance

Calico returns an access token and refresh token.

Data Access

Your app uses the access token to retrieve user data via Calico’s API.

Get your client ID & Secret

To get started, request your client ID and client secret from Calico.

Authorization code

Your app must have a redirect URI, client ID, and client secret. Authenticate the user in your app or with Calico Connect. On success, retrieve the temporary authorization code.

Authenticate with Calico Connect
https://widget.getcalico.com?client_id=<CLIENT ID>&code_challenge=<USER GENERATED>&code_challenge_method=<USER GENERATED>&state=<USER_GENERATED>
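
The PKCE values that go into the Calico Connect URL above, generated and checked in Python. This is an added example, not Calico's code: it assumes the S256 challenge method from RFC 7636 is accepted and that the redirect back to your app carries the standard OAuth 2.0 `code` and `state` query parameters; the function names and the `pending` dictionary are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Host and query parameter names come from the page; the rest is illustrative.
CONNECT_URL = "https://widget.getcalico.com"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_for(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def start_authorization(client_id: str) -> tuple[str, dict]:
    """Return the Connect URL and the per-attempt secrets to keep server-side."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, RFC 7636 allows 43-128
    state = b64url(secrets.token_bytes(16))     # unguessable, bound to this session
    query = urlencode({
        "client_id": client_id,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",        # assumption: S256 is accepted
        "state": state,
    })
    return f"{CONNECT_URL}?{query}", {"code_verifier": verifier, "state": state}


def code_from_callback(callback_url: str, pending: dict) -> str:
    """Return the authorization code only if state matches the one we issued."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # Compare as bytes in constant time; a missing or altered state is rejected.
    if not hmac.compare_digest(returned.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]
```

Keep `pending` in the user's server-side session and discard it after one use. Under RFC 7636 the `code_verifier` is presented with the token request; the parameter Calico expects for it is not shown on this page.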

Tokens

Using the temporary authorization code and your app credentials, make a token request. Access and refresh tokens will be returned. Use the access token as the bearer token for Calico API data calls.

Request Tokens
curl -X POST https://login.getcalico.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "redirect_uri=https://yourapp.com/callback"

Token Types

| Token | Purpose | Lifespan | Storage Best Practices |
| --- | --- | --- | --- |
| Access Token | Grants temporary access to protected resources. | 15 minutes | Secure memory or encrypted storage. This should never be shared with more than one user. |
| Refresh Token | Used to obtain a new access token. | 1 year | Secure, encrypted backend storage only. |

Token Lifecycle

When a user authenticates, Calico issues a short-lived access token and a longer-lived refresh token. The access token is used to make authorized API requests on the user’s behalf. Once it expires, the refresh token can be used to obtain a new access token without requiring the user to log in again. This ensures secure, continuous access while minimizing the risk of token misuse.

[Figure: token lifecycle]
