Authentication at Pluggy is divided into two permission access, both tokens can be recovered using the CLIENT_ID and CLIENT_SECRET provided in the dashboard.

API Key: This access token has an expiration time of 2 hours and it's meant to be used by backend applications to recover users' data.

With this token you can:

Create Connect Tokens
Read User's Data for all products (Account, Transaction, Investment, Identity, Opportunity).
Configure Webhooks.
Create, Update & Delete Items.
Review Connectors (Financial Institutions) & Transaction's Category tree.

Connect Token: This is a limited access token that expires 30 minutes after creation. It's meant to be used by Frontend applications (Web or Mobile) to authenticate with Pluggy. This token is specially useful for end-users to connect their accounts through our Pluggy Connect widget.

This token can't be used to recover product data.