Calico Connect

Connect crypto accounts in a few clicks.

Calico Connect enables your application or service to securely connect to your users’ financial accounts in just a few steps. With an intuitive interface, users can authenticate and link their accounts from a wide range of exchanges and wallets.

Authenticating with Calico Connect

When a user first authenticates, your app will redirect the user to start the Calico Connect flow.

This guide details the steps to generate the Calico Connect widget URL, redeem the auth code, and retrieve tokens used for accessing the Calico Platform APIs for data.

Example URL for redirect

https://widget.getcalico.com?client_id=<CLIENT ID>&code_challenge=<USER GENERATED>&code_challenge_method=<USER GENERATED>&state=<USER_GENERATED>

For scenarios requiring persistent or long-lived access tokens, the code verifier flow should be securely handled on the backend to prevent exposure. For ephemeral access (e.g., single-use or sessions under 15 minutes), it's acceptable to perform the authorization flow on the frontend with appropriate security controls in place (See front-end and back-end flows below).

Query parameters

Required Parameters	Description
`client_ID`	The unique identifier assigned to your application by the authorization server. It tells the server which app is making the request. This value is required in all OAuth flows and is used to associate the authorization request with your app.
`code_challenge`	A hashed and encoded version of a secret string—the `code_verifier`—generated by the client.
`code_challenge_method`	Specifies the method used to generate the `code_challenge` from the `code_verifier`. The two supported values are: S256 (recommended): Uses SHA-256 hashing. plain: Sends the `code_verifier` as-is (less secure; not recommended unless required by the server).
`state`	This is a UUID used to verify that the callback is from the correct session.

Calico Connect flow

Generate a code verifier

Generate a secure, random code_verifier to be used in the next step with the code challenge.

Create a code challenge from the verifier

Using the code_verifier, apply a hash function to the verifier. This typically uses SHA-256. The code_challenge_method specifies which hashing algorithm was used. In the example below, the method is S256, indicating SHA-256 was applied.

Example

Redirect the user to the authorization endpoint

The user is redirected to their crypto source login.

Receive the authorization code

After a user successfully authenticates, Calico will issue a temporary authorization code. This code can be exchanged for either short-term or long-term access to the user's data, depending on your integration needs.

Exchange the authorization code for an access token

To redeem the authorization code, make a request to the token endpoint:
POST https://login.getcalico.com/oauth/token

Short-term access (Frontend flow)

Use this flow when exchanging the code directly from your frontend application:

Grant Type: authorization_code

Required parameters	Description
`code`	The authorization code received after user login
`code_verifier`	The original code verifier used to generate the code challenge
`redirect_uri`	The URI the user is redirected to which must match the one used in the initial authorization request
`client_id`	Your app’s client ID

Example
This flow is ideal for temporary access tokens in browser-based or mobile apps.

curl -X POST https://login.getcalico.com/oauth/token\
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTHORIZATION_CODE" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "redirect_uri=https://yourapp.com/callback" \
  -d "code_verifier=YOUR_CODE_VERIFIER"

Long-term access (Backend flow)

Use this flow when exchanging the code securely from your backend server:

Grant Type: authorization_code

Required parameters	Description
`code`	The authorization code received after user login
`client_id`	Your app’s client ID
`client_secret`	The client secret provisioned to your application
`redirect_uri`	The URI the user is redirected to which must match the one used in the initial authorization request

Example
This approach is recommended for obtaining refresh tokens and maintaining persistent access to user data.

curl -X POST https://login.getcalico.com/oauth/token\
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTHORIZATION_CODE" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "redirect_uri=https://yourapp.com/callback"

Get data

After authenticating through Calico Connect, connect digital asset Providers then get Assets and Transactions data through Calico Platform APIs.

Accessing Calico Connect

Calico Connect is directly distributed. The Connect package contains source files, configuration details, and setup instructions to help integrate and run the product within your infrastructure.

Interested in Calico Connect?

Would you like a demo?

Book now

Authenticating with Calico Connect#

Example URL for redirect#

Query parameters#

Calico Connect flow#

Short-term access (Frontend flow)#

Long-term access (Backend flow)#