Authentication

You'll need to authenticate every request to access any of the Advisor endpoints in the advisor-api.wealth.com API. In this guide, we'll look at how authentication works.

V2+ (vs. V1)

This authentication documention only applies to V2 and subsequent versions of the Advisor API. It does NOT apply to V1 of the Advisor API.

Authentication Flow

The Advisor API V2 uses Bearer token authentication. To access protected endpoints, you'll need to:

1. Generate an authentication token using your client_id and client_secret
2. Include the token in the Authorization header of subsequent API requests
3. Refresh the token before it expires

Generate Auth Token

Generate a new authentication token using your client credentials.

  curl --location 'https://advisor-api.wealth.com/v2/auth/token' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "client_id": "your_client_id",
        "client_secret": "your_client_secret"
    }'

{
   "access_token": "your_token",
   "token_type": "Bearer",
   "expiration_date": "2024-01-15T10:30:00Z"
}

Using the Token

Once you have obtained an access token, include it in the Authorization header of all subsequent API requests:

curl --location --request GET 'https://advisor-api.wealth.com/v2/top-accounts/786bb91c-35ec-49bb-bc28-1d2930d7db6a' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer xxxxxxxxxxxxx'

Token Expiration

• Expired tokens will result in a 401 Unauthorized response
• Check the expiration_date field to determine when to refresh your token

Security Notes

• Keep your client_secret secure and never expose it in client-side code
• Store tokens securely and don't log them