API Keys

Learn how to manage your Finix API keys and submit an authenticated request.

All API requests to Finix are authenticated with your API Keys. You can not make API request into Finix without API Credentials.

Creating API Keys

Login to the dashboard and navigate to Developers > API Key.

api key landing page

This screen shows you your API Keys. Click on "Create an API Key" and follow the steps to create an API Key

api key create page

Now copy the username and password and store them securely.

API authentication

Finix uses basic authentication (RFC7617) to authenticate your requests.

All your requests will need to include the Authentication header. which is calculated by the API key's username and password.

Create Authentication Header

The Libraries and SDKs will handle the authentication for you. Most language's HTTP clients have built in mechanisms to perform basic authentication, including curl.

A Basic Authentication header looks like: Authorization: Basic [calculated credentials]

These are the instruction if you want to create the Authentication header manually. This example uses an API key with username of USsRhsHYZGBPnQw8CByJyEQW and password of 8a14c2f9-d94b-4c72-8f5c-a62908e5b30e:

  • Combine the username and the password with a colon.
    • Result: USsRhsHYZGBPnQw8CByJyEQW:8a14c2f9-d94b-4c72-8f5c-a62908e5b30e
  • Base64 encode the resulting string.
    • Result: VVNzUmhzSFlaR0JQblF3OENCeUp5RVFXOjhhMTRjMmY5LWQ5NGItNGM3Mi04ZjVjLWE2MjkwOGU1YjMwZQo=
  • Add this value to the Authorization header and the Basic scheme.
    • Result: Authorization: Basic VVNzUmhzSFlaR0JQblF3OENCeUp5RVFXOjhhMTRjMmY5LWQ5NGItNGM3Mi04ZjVjLWE2MjkwOGU1YjMwZQo=

Sandbox and Production Keys

The Finix Keys are explicitly tied to the environment they are created. Sandbox Keys can not be used on Production and vice versa

Keep API Keys Safe

Finix only shares the API Key credentials with you once. You are not able to query their value after creation.

The API Keys are sensitive data and must be treated like they are passwords. Store them securely and only let need-to-know people access their raw values.