
Where should I store access tokens?

When it comes to managing access tokens in Open Banking, keeping them secure is crucial. Access tokens are like keys to sensitive user data, so storing them safely is essential.

It's recommended to store all credentials and tokens server-side exclusively. This method enhances security by reducing the chance of unauthorized access to sensitive data.

By centralizing access tokens on the server, access to connected accounts remains restricted to authorized entities only.

Storing tokens client-side exposes them to potential extraction, which could lead to unauthorized access to other users' accounts. Therefore, it is crucial to ensure that your application communicates with our API solely from a secure server environment.

By following these practices and storing access tokens securely on the server, you can maintain trust in your application and protect user data from potential security risks.
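The pattern described above, as an added example that is not part of the original article or the provider's own code: the server keeps the access token and hands the browser only a random session ID, then attaches the token itself when calling the API. The upstream URL, the `Bearer` header scheme, and all class and function names are assumptions made for illustration.

```python
import secrets
import time
import urllib.request

# Assumption: placeholder upstream base URL, not taken from the article.
UPSTREAM_BASE = "https://api.example.invalid"


class ServerSideTokenStore:
    """Holds access tokens on the server, keyed by an opaque session ID.

    An in-memory dict stands in for a database or secrets manager here.
    """

    def __init__(self):
        self._tokens = {}  # session_id -> (access_token, expires_at)

    def put(self, access_token, ttl_seconds):
        # The session ID is random and carries no information about the token.
        session_id = secrets.token_urlsafe(32)
        self._tokens[session_id] = (access_token, time.time() + ttl_seconds)
        return session_id  # the only value that is ever sent to the client

    def get(self, session_id):
        entry = self._tokens.get(session_id)
        if entry is None:
            return None
        token, expires_at = entry
        if time.time() >= expires_at:
            del self._tokens[session_id]  # drop expired tokens eagerly
            return None
        return token


def build_upstream_request(store, session_id, path):
    """Server-side only: attach the stored token to an outgoing API request."""
    token = store.get(session_id)
    if token is None:
        raise PermissionError("unknown or expired session")
    req = urllib.request.Request(UPSTREAM_BASE + path)
    # Assumption: the API accepts the token as a Bearer credential.
    req.add_header("Authorization", "Bearer " + token)
    return req


def client_payload(session_id, upstream_data):
    """What the browser receives: the opaque handle and data, never the token."""
    return {"session": session_id, "data": upstream_data}
```

The session ID should reach the browser in an `HttpOnly`, `Secure` cookie so that page scripts cannot read it.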


For further insights into our security framework, explore our Security Pillars on our website.

GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom


GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.




