When you sign up for an account, you can generate & manage a secret and public API key pair from the Dashboard. You will need to authenticate with our API by providing the base64 encoded key pair in the request Authorization header. We provide you API keys for both the sandbox and production environments.
❗️Never share your secret keys. Keep them guarded and secure.
Here are the steps to authenticate your account:
- Generate Access API and Secret API keys. Both API keys are generated in pairs via the Dashboard.
- Obtain your
Access API and Secret API keys
from Dashboard. The secret API key is visible once through the dashboard when you create a key pair. You can always generate another API key pair if you have forgotten the previous one, however, you have to use the newly generated key pair to call Finmo APIs. You can disable the previous key pair through the dashboard as well. - Select
Basic Access Authentication
orBASIC AUTH
authentication. - BASIC AUTH format will be {{username}}:{{password}}.
- Input Access API key as the Username and Secret API key as the Password.
❗️Don't forget the colon in between the two keys.
- Encode the value above into Base64 format.
- Prefix the Base64 encoded with "Basic " and include it in the Authorization header
All the API requests should be made over HTTPS instead of HTTP (all calls made over plain HTTP will fail). All requests made in the test environment will never hit the banking networks and will not cost you anything.
For Example
- If your API keys are:
Access API Key : AK_FINMO_8C2A6E05390042B18718A566E313201E
Secret API Key : SK_FINMO_9046F3E7_A946_43D6_9922_E4E4A455B233
- Select Basic Auth authentication
Input Access API key in `username` and Secret API key in `password`.
Basic Auth format
{{username}}:{{password}}
Following the format (with colon)
AK_FINMO_8C2A6E05390042B18718A566E313201E:SK_FINMO_9046F3E7_A946_43D6_9922_E4E4A455B233
- Encode Basic Auth format above into Base64 format
QUtfRklOTU9fOEMyQTZFMDUzOTAwNDJCMTg3MThBNTY2RTMxMzIwMUU6U0tfRklOTU9fOTA0NkYzRTdfQTk0Nl80M0Q2Xzk5MjJfRTRFNEE0NTVCMjMz==
- Include Base64 encoded value in HTTP(s) header.
Authorization: Basic QUtfRklOTU9fOEMyQTZFMDUzOTAwNDJCMTg3MThBNTY2RTMxMzIwMUU6U0tfRklOTU9fOTA0NkYzRTdfQTk0Nl80M0Q2Xzk5MjJfRTRFNEE0NTVCMjMz