Authentication
OAuth 2.0 Authentication
All Morningstar® Retirement Manager™ APIs use the OAuth 2.0 client credentials flow for secure access.
Access Token
To access the endpoints, the client must first obtain an access token using OAuth, as shown below.
Token Validity
Each token is valid for 24 hours. Ensure your application handles token refresh appropriately.
Obtain Access Token
UAT
POST https://api-uat.morningstar.com/oauth2/accesstoken
Production
POST https://api.morningstar.com/oauth2/accesstoken
Headers
Authorization: Bearer {access_token}
Content-Type: application/x-www-form-urlencoded
Body Parameters
grant_type=client_credentials
Sample Request
Complete cURL Example
curl -X POST \
https://api-uat.morningstar.com/oauth2/accesstoken \
-H 'Authorization: Bearer {your_access_token}' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials'
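
An added example, not Morningstar's own code, of the refresh handling called for under Token Validity: a thread-safe cache that requests a new token shortly before the 24-hour validity ends. The `access_token` and `expires_in` response fields (the RFC 6749 names), the 5-minute margin, and all function and class names are assumptions not stated on this page.

```python
import json, threading, time
import urllib.parse, urllib.request

TOKEN_URL = "https://api-uat.morningstar.com/oauth2/accesstoken"  # UAT endpoint from this page
DEFAULT_TTL = 24 * 60 * 60  # the 24-hour validity stated on this page, in seconds
REFRESH_MARGIN = 5 * 60     # assumption: renew 5 minutes before expiry

def request_token(authorization, url=TOKEN_URL):
    """POST grant_type=client_credentials; `authorization` is the header value issued to you."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": authorization,
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token in memory and re-requests it shortly before it expires."""
    def __init__(self, fetch, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._lock = threading.Lock()  # so concurrent callers trigger only one renewal
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
                self._renew()
            return self._token

    def invalidate(self):
        """Call after an API endpoint rejects the token, so the next get() fetches a new one."""
        with self._lock:
            self._token = None

    def _renew(self):
        issued = self._clock()  # measure lifetime from before the request, not after
        data = self._fetch()
        token = data.get("access_token")  # assumption: RFC 6749 field name
        if not token:
            raise RuntimeError("token response had no access_token")  # do not log the body
        ttl = float(data.get("expires_in", DEFAULT_TTL))  # assumption: RFC 6749 field
        self._token, self._expires_at = token, issued + ttl
```

Construct it as `TokenCache(lambda: request_token(header_value))` and call `get()` before each API request. The client credentials flow has no refresh token, so renewal is simply a new request to the token endpoint.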