EMS Authentication

The EMS API uses account_client OAuth credentials — client credentials flow, no user login.

Get a token

curl -X POST https://sandbox-api.opencard.io/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=organizations-write webhooks-write card-holders-write account-tpas-write"

Response:

{
  "token_type": "Bearer",
  "expires_in": 31536000,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
}

account_client scopes for EMS

organizations-read organizations-write
card-holders-read card-holders-write
webhooks-read webhooks-write webhook-events-read
account-tpas-read account-tpas-write account-tpa-signatories-write account-tpa-identities-read
account-card-issuers-read account-card-issuers-write
public-records-read oauth-clients-read billings-write receipts-write

Create clients in the dashboard (Account → OAuth Clients) or via POST /accounts/{accountId}/oauthclients. Full scope reference → Authentication

Embed Plugins Get access token

⌘I

​Get a token

​account_client scopes for EMS

Get a token

account_client scopes for EMS