
Why do we recommend OAuth?


To take full advantage of our Tango API, we recommend that you use Open Authorization (OAuth) 2.0. OAuth establishes a secure connection with the Tango API using authorization tokens to verify your system’s identity. To create a token, you need four pieces of information: client ID, client secret, service account username, and service account password. See how to Acquire Service Account token.

 

Note:
For client credentials created after May 14, 2025, the use of a Service Account is mandatory. To enhance security and ensure uninterrupted service, we strongly recommend that you begin using a Service Account before November 14, 2025. See Manage OAuth service accounts in Tango to add one.


Once you acquire a token, you can use it to authenticate the Tango API connection. You can create as many tokens as you’d like. With OAuth 2.0, you can rotate your credentials with no downtime. See our API document to learn how you can Secure your connection with Tango API.

OAuth 2.0 Process

 

Note:
OAuth credentials must first be enabled for your Tango platform. Contact your Tango representative to enable OAuth credentials for your Tango portal. See the steps in Get started with Tango API.

Benefits

  • Service continuity—the API connection is not interrupted when a service account is replaced.
  • Additional layer of security—you can see the password only once at the time of creation.
  • Ability to create an unlimited number of service accounts—this is especially helpful for users with multiple connections or departments.

Use case examples on when to use more than one service account

  • Distributed Point of Sales
    Acme Sporting Goods Company franchises hundreds of retail stores in North America. These independent franchises are each connected to the same Tango platform individually. They use OAuth 2.0 to connect to the Tango API, using one OAuth client credential and multiple service accounts—one for each retail store. If a store were to be compromised, Acme would deactivate the one Service Account associated with that store. All other stores would be unaffected. Using OAuth 2.0, Acme ensures the continuity of its service without compromising its system’s security.

  • Multiple Software Application Connections
    Acme Health Care has created multiple connections to the Tango API in different software applications. They use one service account to connect to the Tango API and send rewards to their healthcare customers from their proprietary software. They also connected their accounting software to the Tango API to manage account funding, using a second Service Account. Using the OAuth 2.0 ability to create multiple service accounts, Acme created extra security and traceability. If one of their applications is compromised, they can deactivate the specific service account without affecting the other application.

Permissions

API keys (Basic Auth) or OAuth client credentials (OAuth) must be enabled for your Tango production platform. Contact your Tango representative to enable either one. See the steps in Get started with Tango API.

You must have the manage permission for Tango API keys enabled for your user under the Integrations permissions, for both Basic Auth and OAuth. If you’re not an admin, reach out to your Tango portal admin to give you permission. Learn how to Set user permissions and access level.

