Before issuing any requests against a Direct+ endpoint, you must obtain an Access Token. Once an Access Token is obtained, the same token should be used for all subsequent requests for the next 24 hours, after which, a new token should be generated. If you have not already received a consumer key and secret, contact your Dun & Bradstreet representative. Once you have the consumer key and secret you can begin using the API.

IMPORTANT: Your consumer key, consumer secret, and token should be considered as sensitive as a password, and must be used only by authorized parties as stated in the D&B Direct+ API agreement.

Understanding the D&B Direct+ API Authentication Flow

D&B Direct+ API calls utilize access tokens, generated from a consumer key/secret combination, for authentication (based on the Client Credentials Grant flow of the OAuth 2 specification). Here is a sample of a Consumer Key and Consumer Secret.

Note: These are not valid credentials.

Authentication Through Postman

  1. Open the provided postman collection and go to Access Token V2.
  2. In the Authorization tab, in the Username field, paste your consumer key.
  3. In the Password field, paste your consumer secret.
  4. To see the request code, press the Code link; it should look similar to the following:

    POST /v2/token HTTP/1.1
    	Content-Type: application/json
    	Authorization: Basic yourEncodedKey
    	Cache-Control: no-cache
    	Postman-Token: 53f1982b-2841-d1e9-e54d-30ff51a7f458
    	{ "grant_type" : "client_credentials" }
  5. Press Send. In the response, the value in place of “yourAccessToken”, excluding the quotes, is the token you need to perform further calls.


Authentication Through an Application

  1. Base64 encode the key and secret, in the format key:secret (there are several online tools to do this; for example, Note: Dun & Bradstreet has no association with this site and you may use any method of encoding you prefer.)

    For example, the sample values would yield the following encoded credential value: - UXQ2WUdZcFh2R2Z4V0FsUkhoNVdNNDZNc2I3NldLTnc6Y25oOFRDOVNlemxkM2M4NA==

  2. Exchange credentials for a token. An application makes a request to the POST endpoint to exchange these credentials for a bearer token.