# Retrieving CRB Onboarding Templates

**Tutorial**  ·  **Beginner**  ·  ⏱ ~15 min

As a service provider integrating with Green Check Access, this tutorial walks you through a complete three-step workflow for retrieving onboarding template results for a specific CRB (Cannabis-Related Business).

## What you'll learn

- Authenticate using OAuth 2.0 client credentials
- Retrieve all CRBs connected to your service provider account
- Fetch onboarding template results for a specific CRB
- Handle common API error responses


## Prerequisites

- A Green Check Access account with service provider credentials
- Your `client_id` and `client_secret` from the developer portal
- Basic familiarity with REST APIs and `curl` or an HTTP client


## Step 1 — Authenticate

All API requests require a Bearer token. Exchange your client credentials for an access token using the OAuth 2.0 client credentials flow.


```bash
curl --location 'https://sandbox-api.greencheckverified.com/auth/token' \
--header 'Content-Type: application/json' \
--data '{
  "client_id": "your-client-id",
  "client_secret": "your-client-secret",
  "grant_type": "client_credentials"
}'
```

| Parameter | Description |
|  --- | --- |
| `client_id` | Your unique client identifier from the developer portal |
| `client_secret` | Your confidential client secret — never expose this in client-side code |
| `grant_type` | Must be `client_credentials` for server-to-server flows |


> 💡 **Tip — Token expiry**
The response includes an `expires_at` timestamp. Check this value before each request and re-authenticate when the token is near expiry.


## Step 2 — Retrieve connected CRBs

Fetch all CRBs associated with your service provider account. The response gives you the `crb_id` values you'll need in Step 3.


```bash
curl --location 'https://sandbox-api.greencheckverified.com/service-providers/{sp_id}/crbs' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
```

Each CRB in the response includes:

- Business identification and contact details
- Integration status with connected POS systems
- Business type and operational information
- Due diligence status (`due_diligence_status`)


> ℹ️ **Who's ready to pull?**
Filter for CRBs where `due_diligence_status` is `bank_awaiting_review` — this signals that the CRB has submitted their application and their data is ready for your review.


## Step 3 — Fetch the onboarding template

With your `sp_id` and a `crb_id` from Step 2, retrieve the full onboarding template result. This includes both custom form responses and uploaded document metadata.


```bash
curl --location 'https://sandbox-api.greencheckverified.com/service-providers/{sp_id}/crbs/{crb_id}/onboarding-template' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
```

| Path parameter | Description |
|  --- | --- |
| `sp_id` | Your service provider UUID (provided during Green Check onboarding) |
| `crb_id` | The CRB UUID from Step 2 |


### Example response


```json
{
  "crb_id": "e4413f45-4861-49e1-a425-3dd8f8973b88",
  "service_provider_id": "4c7f244a-e713-4501-9e8a-ee38ef3b40e3",
  "onboarding_status": "completed",
  "template_version": "1.0",
  "custom_requirements": [
    { "field": "annual_revenue", "response": "$2.4M" }
  ],
  "standard_requirements": [
    {
      "name": "Business License",
      "status": "approved",
      "documents": [
        {
          "id": "doc-uuid",
          "file_name": "business-license.pdf",
          "uploaded_at": "2024-01-18T09:00:00.000Z"
        }
      ]
    }
  ],
  "created_at": "2024-01-15T10:00:00.000Z",
  "updated_at": "2024-01-20T14:30:00.000Z"
}
```

The two key sections to extract from the response:

- **`custom_requirements`** — the CRB's responses to your custom form fields
- **`standard_requirements`** — document requirements, each with a `documents` array containing file metadata and IDs


> 💡 **Tip — Downloading documents**
Use the `id` from each document object to download the file:
`GET /service-providers/{sp_id}/crbs/{crb_id}/documents/{doc_id}/download`


## Error reference

| Status | Meaning | Common cause & fix |
|  --- | --- | --- |
| `401 Unauthorized` | Invalid or missing token | Re-authenticate with `/auth/token` and retry |
| `403 Forbidden` | Insufficient permissions | Verify your `sp_id` is correct and the CRB is connected to your org |
| `404 Not Found` | Resource doesn't exist | Double-check `sp_id` and `crb_id` UUIDs |
| `422 Validation Failed` | Invalid parameters | Review path parameters against the [API reference](/apis/swagger) |


## Complete Python example

The snippet below brings all three steps together using the `requests` library.


```python
import requests

class GreenCheckClient:
    def __init__(self, client_id, client_secret,
                 base_url="https://sandbox-api.greencheckverified.com"):
        self.client_id = client_id
        self.client_secret = client_secret
        self.base_url = base_url
        self.token = None

    def authenticate(self):
        """Exchange credentials for a bearer token."""
        response = requests.post(f"{self.base_url}/auth/token", json={
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "grant_type": "client_credentials",
        })
        response.raise_for_status()
        self.token = response.json()["access_token"]

    def get_crbs(self, sp_id):
        """Return all CRBs connected to your service provider."""
        headers = {"Authorization": f"Bearer {self.token}"}
        response = requests.get(
            f"{self.base_url}/service-providers/{sp_id}/crbs",
            headers=headers,
        )
        response.raise_for_status()
        return response.json()

    def get_onboarding_template(self, sp_id, crb_id):
        """Fetch the onboarding template result for a specific CRB."""
        headers = {"Authorization": f"Bearer {self.token}"}
        response = requests.get(
            f"{self.base_url}/service-providers/{sp_id}/crbs/{crb_id}/onboarding-template",
            headers=headers,
        )
        response.raise_for_status()
        return response.json()


# Usage
client = GreenCheckClient("your-client-id", "your-client-secret")
client.authenticate()

sp_id  = "4c7f244a-e713-4501-9e8a-ee38ef3b40e3"
crb_id = "e4413f45-4861-49e1-a425-3dd8f8973b88"

crbs = client.get_crbs(sp_id)
print(f"Found {len(crbs)} connected CRBs")

template = client.get_onboarding_template(sp_id, crb_id)
print(f"Onboarding status : {template['onboarding_status']}")
print(f"Template version  : {template['template_version']}")
```

## What's next

- [Integration overview](/guides/integration-overview) — understand all four core integration patterns end to end
- [Sales data workflow](/tutorials/api-integration-workflow) — authenticate once, then pull paginated sales data across CRBs
- [Integration status](/tools/integration-status) — see which POS systems expose which data types
- [API reference](/apis/swagger) — full schema and endpoint documentation