Creating an AccessToken

Before you start using the API, you need to create a token for yourself.

• What is an AccessToken? You can think of it as a key that verifies your identity before sending requests to the API. When this key expires, you need to renew it; otherwise, your requests will return errors.

• Prerequisites

  • Your Service API license must be active.
  • You must have access permissions to the services (endpoints) you want to use. If the limits are 0, it means unlimited usage.
  • Make sure your integration is active and the relevant service API is selected.

• API Keys (Sensitive Information)

  • ApiKey: The key provided for your application.
  • SecretKey: A key kept confidential for security purposes, sent only to you via email.

• How to Obtain an AccessToken?

  • Address (URL): /auth/api/token/connect
  • Method: POST
  • Request Example: You send a simple JSON containing your ApiKey and SecretKey.
  • Response Example: You receive a JSON containing "token" (your AccessToken), "expiry" (when it expires), and "type" (Bearer).

Request Example

"apiKey": "uget9fgvzVaQmQrEAfSThpoevEHh4bzCsou9tUSYmGM",
"secretKey": "K4N9hNc7XF9tW4cSBzFYulGiii2lLJMpTxG7RacXMA"  

Response Example

 "expiry": "2025-09-18T09:07:17.6884225Z",
 "token":  "eyJhbGciOiJ1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjYXR2MS5kiLCJ2Z……",
 "type": "Bearer"

Sample CURL

curl --location 'https://prodtest_gw.finrota.com/auth/api/token/connect' \
--header 'Content-Type: application/json' \
--data '{
  "apiKey": "uget9fgvzVaQmQrEAfSThpoevEHh4bzCsou9tUSYmGM",
  "secretKey": "ksJNNcwTSlCVXQCR70JaXr4xmkh3PY3rTP3wQXj4A" 
  }