Fintoc uses API Keys to authenticate your interactions with the API. If you call the API without your key, or if you use an incorrect one, Fintoc will return an error.

Every Fintoc account has two key pairs: one pair corresponds to the test mode, while the other pair corresponds to the actual API environment. Every resource is stored either in the test mode or in the actual API environment, and resources from one environment cannot be manipulated by resources from the other environment.

Additionally, there are two types of API Key: public and secret.

  • The Public Key is only used to identify your account inside Fintoc. It is not secret, and you will use it to integrate the Widget.
  • The Secret Key is the key that you will use to query the Fintoc API. As its name suggests, it is secret, and you should only use it from your application's backend.

Upon creation, each account has a total of 4 keys: a Public Key and a Secret Key for the test mode, and a Public Key and a Secret Key for the actual API (the "production environment").

Getting your API Keys

🚧

You can only access your secret API Keys once

You will only be able to see and copy your API Key when you activate or rotate it. Make sure to store it securely in your backend.

You can activate and manage your API Keys from your Dashboard.

Rotating your API Keys

We recommend rotating (changing) your API Keys at least once per year to ensure they remain secret. You can rotate your API Keys from your Dashboard.


IP Restrictions

You can optionally configure IP Restrictions to instruct Fintoc to only accept requests from specific IP addresses. This adds an extra layer of security to your operations.

To configure these restrictions:

  1. Go to dashboard.fintoc.com.
  2. Navigate to the API Keys tab on the sidebar.
  3. If your organization has products enabled that allow IP Restrictions, you'll see an IP Restrictions section.
    Toggle on the IP Restrictions option.
  4. Click the "IP Restrictions" button and enter the individual IP Addresses or CIDR blocks from which you will make requests to our API.

What are CIDR blocks?
CIDR (Classless Inter-Domain Routing) blocks are a way to define a range of IP addresses. Instead of listing every individual IP address, CIDR blocks let you specify a group of addresses compactly. For example:

192.168.1.0/24 represents all IP addresses from 192.168.1.0 to 192.168.1.255.

If you're unsure how to determine your CIDR block, consult your network administrator or technical team. They can help you identify the correct range of IP addresses to use.

🚧

Be sure to add IP addresses when you turn on the IP Restrictions feature

If you turn on the IP Restrictions feature but don't add any IP addresses, no requests will be accepted by Fintoc.
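
A pre-flight check you can run on the entries before toggling IP Restrictions on, as an added example (not Fintoc's code). It uses Python's standard `ipaddress` module; the function names and sample addresses are constructed for illustration, and the matching rule (a request passes only if its source address falls inside a listed entry) is an assumption based on the behavior described above.

```python
import ipaddress

def parse_allowlist(entries):
    """Parse individual IPs or CIDR blocks exactly as they would be typed in."""
    # strict=True raises ValueError when host bits are set (e.g. 192.168.1.5/24),
    # a common typo that would otherwise silently widen to the whole /24.
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]

def is_allowed(source_ip, networks):
    """Assumed model of the restriction: a request passes only if its source
    address falls inside a listed entry, so an empty list admits nothing."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)

def preflight(allowlist_entries, egress_ips):
    """Return (egress IPs the allowlist would lock out, addresses it admits)."""
    networks = parse_allowlist(allowlist_entries)
    uncovered = [ip for ip in egress_ips if not is_allowed(ip, networks)]
    admitted = 0
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in networks if n.version == version]
        # Merge overlapping entries so shared addresses are counted once.
        admitted += sum(n.num_addresses for n in ipaddress.collapse_addresses(same))
    return uncovered, admitted

if __name__ == "__main__":
    # Constructed sample values: the page's example block plus documentation ranges.
    allowlist = ["192.168.1.0/24", "203.0.113.7"]
    egress = ["192.168.1.10", "203.0.113.7", "198.51.100.20"]
    uncovered, admitted = preflight(allowlist, egress)
    print("addresses admitted:", admitted)
    print("egress IPs that would be rejected:", uncovered)
```

A large admitted count means the allowlist is broader than your backend's real egress addresses, and a non-empty rejected list means part of your own traffic would be refused once the toggle is on.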