Fintoc uses API Keys to authenticate your interactions with the API. If you call the API withouth your key, or if you use an incorrect one, then Fintoc will return an error.

Every Fintoc account has two key pairs: one pair corresponds to the test mode, while the another pair corresponds to the actual API environment. Every resource is stored either in the test mode or in the actual API environment, and resources from one environment cannot be manipulated by resources from the other environment.

Additionally, there are two types of API Key: public and secret.

  • The Public Key is only used to identify your account inside Fintoc. It is not secret, and you will use it to integrate the Widget.
  • The Secret Key is the key that you will use to query the Fintoc API. As its name suggests, it is secret, and you should only use it from your application's backend.

Upon creation, each account has a total of 4 keys: a Public Key and a Secret Key for the test mode, and a Public Key and a Secret Key for the actual API (the "production environment").

Getting your API Keys

You can see and administrate your API Keys from the Fintoc Dashboard.

Rotating your API Keys

We recommend rotating (changing) your API Keys at least once per year to ensure they remain secret. You can rotate your API Keys from your Dashboard.