Digital Toolkit


Admin API Authentication


The Admin API is intended to be used when an External Application wants to call API endpoints without direct user interaction. This means that authentication is for the application itself.

Authentication for the Admin API is based on the concept of OAuth Access Tokens. An External Application can use its credentials to directly obtain an Access Token.

Once the Access Token expires, the External Application requests a new one when necessary.

All actions are performed and logged as a single Associated User in Banno.

The Authentication Framework - Tokens article has information on the various types of Tokens.

Client credentials flow

The Admin API uses the OAuth Client Credentials flow.

The Client Credentials flow requires authenticating with a signed JSON Web Token (JWT) that uses a public key + private key pair.

See the Client Credentials Flow topic.
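To make the signed-JWT step concrete, here is an added example (not code from this documentation or from the Admin API itself) of a client building an RFC 7523-style assertion with its private key, and of the checks an authorization server can run with the registered public key. The claim set, the RS256 algorithm, the client ID and the token URL are assumptions chosen for illustration; the Client Credentials Flow topic defines the values the Admin API actually expects.

```javascript
// Added example: RFC 7523-style client assertion. Claim names, the client id
// and the token URL are assumptions, not values from the Admin API docs.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Client side: sign a short-lived assertion with the application's private key.
function buildClientAssertion({ clientId, tokenUrl, privateKey, now, ttl = 60 }) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const claims = b64url(JSON.stringify({
    iss: clientId, sub: clientId, aud: tokenUrl,
    jti: crypto.randomUUID(), iat: now, exp: now + ttl,
  }));
  const signature = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${claims}`), privateKey);
  return `${header}.${claims}.${b64url(signature)}`;
}

// Server side: checks an authorization server would run with the registered public key.
function verifyClientAssertion(jwt, { clientId, tokenUrl, publicKey, now, seenJti }) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return 'malformed'; }
  // Pin the algorithm; never let the token choose how it is verified.
  if (header?.alg !== 'RS256') return 'bad-alg';
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, publicKey, sig)) return 'bad-signature';
  if (!claims || claims.iss !== clientId || claims.sub !== clientId || claims.aud !== tokenUrl) return 'bad-claims';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (seenJti.has(claims.jti)) return 'replayed'; // one assertion, one use
  seenJti.add(claims.jti);
  return 'ok';
}

// Constructed demo values: throwaway key pair and placeholder identifiers.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ctx = { clientId: 'example-client-id', tokenUrl: 'https://auth.example.test/token',
                publicKey, privateKey, now: 1700000000, seenJti: new Set() };
  const jwt = buildClientAssertion(ctx);
  return [verifyClientAssertion(jwt, ctx), verifyClientAssertion(jwt, ctx),
          verifyClientAssertion(jwt, { ...ctx, now: ctx.now + 3600, seenJti: new Set() })];
}
console.log(demo());
```

The private key never leaves the External Application; only the public key is registered, so a leaked assertion is bounded by its short lifetime and single-use `jti`.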

Public key + private key

See the Public Key + Private Key topic.

Associated user

See the Associated User topic.


See the Configuration topic.

Learning materials


If you are just getting started, try our Quickstart on Authentication.

Last updated Mon Jul 17 2023