LogoLogo
  • Home Page
  • Documentation
    • API Overview
    • Partner API Authentication
    • Customer Management
      • Onboarding
    • Partner Webhooks
    • Status Codes for Financial Operations
    • Prices
  • WEBSOCKETS
    • Websocket Prices
      • Prices
      • Schemas
  • API REFERENCE
    • Authorization
      • Schemas
    • User Management
      • Users
      • Schemas
    • Customers
      • General
      • Legal Entities
      • Natural Persons
      • Customer Labels
      • Search Nace Sectors
      • Onboarding Wizard
      • Schemas
    • Documents
      • Documents
      • Schemas
    • Onboardings
      • Onboarding
      • Offboarding
      • Schemas
    • Products
      • Product Definitions & Fees
      • Customer Products
      • Products Changelog
      • Schemas
    • Asset Management
      • Digital assets
        • Create Order
        • General
        • Assets
        • Schemas
    • Transaction History
      • Schemas
    • Transfers
      • Transfers
      • IBAN validator
      • Create Incoming Test Transfer
      • Schemas
    • Partner Documents
      • Schemas
    • Webhooks
      • Schemas
  • PARTNER APIS
    • Partner Webhooks
      • Schemas
Powered by GitBook
On this page
  • Overview
  • Step-by-Step Guide
  • 1. Receive API credentials
  • 2. Request an access token
  • 3. Receive and use the access token
  • 4. Requestor identification
Export as PDF
  1. Documentation

Partner API Authentication

Last updated 3 days ago

This document provides guidance on how to authenticate to our API using the OAuth 3.0 client_credentials grant type for server-to-server authentication.

Overview

  1. Receive API credentials: We will provide you with the API client ID and client secret.

  2. Request an access token: Send an HTTP POST request to our token endpoint to request an access token.

  3. Receive and use the access token: Use the access token to make authenticated API requests on behalf of your server.

Step-by-Step Guide

1. Receive API credentials

We will provide you with the following API credentials:

  • client_id: The unique identifier for your client (application) in our system.

  • client_secret: A secret key that should be kept confidential and used for authentication.

2. Request an access token

To authenticate using the client_credentials grant type, send an HTTP POST request to our token endpoint () with the header Content-Type: application/x-www-form-urlencoded and the following parameters:

  • grant_type: Set the value to client_credentials.

  • client_id: The client ID you received from us.

  • client_secret: The client secret you received from us.

3. Receive and use the access token

If the request is successful, our authentication service will return a JSON object containing the access token, token type, and expiration time (in seconds).

To use the access token, include it in the "Authorization" header as a Bearer token when making API requests. For example:

Authorization: Bearer your_access_token

Replace your_access_token with the actual access token you received from the previous step.

Keep in mind that access tokens have a limited lifetime, and you will need to request a new one once the current token expires. To avoid unnecessary API calls, you can cache the access token and refresh it when it's close to expiring.

Note: The client_credentials grant type is designed for server-to-server authentication and should not be used to authenticate end-users. Keep your client_secret confidential and secure, as it's a critical part of the authentication process.

4. Requestor identification

All commands except the commands listed below must contain the header Requestor-ID to indicate the requestor of the command (natural person id). The logic with the validation of permissions to perform a specific command will be added in the future.

  • create natural person / natural persons wizards

  • create legal entity customer / prepare legal entity

Get Token