Authentication
Our API uses OAuth2 for secure access. Mulligan Funding will provide you with a clientId and a clientSecret unique to each environment.
The Authentication Flow
- Obtain Tokens: Exchange your credentials for an accessToken (valid for 1 hour) and a refreshToken (valid for 24 hours) via the /auth/oauth2/token endpoint. See Create Access Token for detail.
- Authorize Requests: Include the accessToken in the header of all subsequent API calls: Authorization: Bearer [accessToken]. See Validate Access Token for detail.
- Refresh Access: When the access token expires, use your refreshToken at the /auth/oauth2/token/refresh endpoint to obtain a new one without re-authenticating. See Refresh Access Token for detail.
Updated about 3 hours ago