How come the credential_id is not returned as part of the token response? Naomi March 11, 2019 13:46 Updated Follow We do already but it's hidden. You can decode the access token by using a web token decoder (we use jwt.io) Look for the "sub" parameter, which is also known as "credential_id". Related articles I'm having trouble pulling more than 3 months worth of data Which UK banks for the Data API are we currently integrated with? How long do refresh tokens last for? Best practices when dealing with access and refresh tokens Can I whitelist the IP's used by TrueLayer? Comments 0 comments Article is closed for comments.