Authentication methods

Cardcore uses these main authentication patterns:
  • Bearer {{institutionToken}} for protected institution endpoints

OAuth flow

To generate an OAuth access token, create an OAuth application, build a signed client assertion JWT, and exchange it for a token. Follow get started for the full setup flow.

Header examples

Institution token: 
Authorization: Bearer {{institutionToken}}