How come the credential_id is not returned as part of the token response? Naomi March 11, 2019 13:46 Updated Follow We do already but it's hidden. You can decode the access token by using a web token decoder (we use jwt.io) Look for the "sub" parameter, which is also known as "credential_id". Related articles I'm having trouble pulling more than 3 months worth of data What banks are we currently integrated with? How long do refresh tokens last for? Best practices when dealing with access and refresh tokens Can I whitelist the IP's used by TrueLayer? Comments 0 comments Article is closed for comments.