LogoLogo
  • Home Page
  • Documentation
    • API Overview
    • Partner API Authentication
    • Onboarding
    • Partner Webhooks
    • Status Codes for Financial Operations
    • Prices
  • WEBSOCKETS
    • Websocket Prices
      • Prices
      • Schemas
  • API REFERENCE
    • Authorization
      • Schemas
    • User Management
      • Users
      • Schemas
    • Customers
      • General
      • Legal Entities
      • Natural Persons
      • Customer Labels
      • Search Nace Sectors
      • Onboarding Wizard
      • Schemas
    • Documents
      • Documents
      • Schemas
    • Onboardings
      • Onboarding
      • Offboarding
      • Schemas
    • Products
      • General
      • Schemas
    • Asset Management
      • Trading
        • Assets
        • Schemas
      • Digital assets
        • Create Order
        • General
        • Assets
        • Schemas
      • Strategy
        • Schemas
    • Transaction History
      • Schemas
    • Transfers
      • General
      • Create Incoming Test Transfer
      • Schemas
    • Partner Documents
      • Schemas
    • Webhooks
      • Schemas
  • PARTNER APIS
    • Partner Webhooks
      • Schemas
Powered by GitBook
On this page
  • Overview
  • Step-by-Step Guide
  • 1. Receive API credentials
  • 2. Request an access token
  • 3. Receive and use the access token
  • 4. Requestor identification
  1. Documentation

Partner API Authentication

Last updated 6 days ago

This document provides guidance on how to authenticate to our API using the OAuth 2.0 client_credentials grant type for server-to-server authentication.

Overview

  1. Receive API credentials: We will provide you with the API client ID and client secret.

  2. Request an access token: Send an HTTP POST request to our token endpoint to request an access token.

  3. Receive and use the access token: Use the access token to make authenticated API requests on behalf of your server.

Step-by-Step Guide

1. Receive API credentials

We will provide you with the following API credentials:

  • client_id: The unique identifier for your client (application) in our system.

  • client_secret: A secret key that should be kept confidential and used for authentication.

2. Request an access token

To authenticate using the client_credentials grant type, send an HTTP POST request to our token endpoint () with the header Content-Type: application/x-www-form-urlencoded and the following parameters:

  • grant_type: Set the value to client_credentials.

  • client_id: The client ID you received from us.

  • client_secret: The client secret you received from us.

  • scope (optional): A space-separated list of scopes if you need to access specific resources in our API.

3. Receive and use the access token

If the request is successful, our authentication service will return a JSON object containing the access token, token type, and expiration time (in seconds).

To use the access token, include it in the "Authorization" header as a Bearer token when making API requests. For example:

Authorization: Bearer your_access_token

Replace your_access_token with the actual access token you received from the previous step.

Keep in mind that access tokens have a limited lifetime, and you will need to request a new one once the current token expires. To avoid unnecessary API calls, you can cache the access token and refresh it when it's close to expiring.

Note: The client_credentials grant type is designed for server-to-server authentication and should not be used to authenticate end-users. Keep your client_secret confidential and secure, as it's a critical part of the authentication process.

4. Requestor identification

All commands except the commands listed below must contain the header Requestor-ID to indicate the requestor of the command (natural person id). The logic with the validation of permissions to perform a specific command will be added in the future.

  • create natural person / natural persons wizards

  • create legal entity customer / prepare legal entity

Get Token