In this article, you'll learn how to configure certificates to guarantee authentication in your API requests.
How to configure certificates and generate tokens in Postman
This tutorial will guide you through the process of setting up certificates in Postman and generating tokens to access the cashin and cashout API routes. Follow the steps below to complete the configuration.
Prerequisites
- Have the Postman software installed on your machine.
- Have the certificates generated by Voluti at hand.
- Have the credentials:
client_idandclient_secret, which are generated in Finance.
Step 1: Adding a certificate using the Postman tool
-
Open Postman and go to Settings.
- Click on the gear icon in the top right-hand corner.
- Select Certificates from the side menu.
-
Add Certificate:
- Click on Add Certificate.
- On the screen that appears, fill in the fields as described below:
- Host:
https://api.pix.voluti.com.br - PFX file: Select the PFX file of the cashin you have.
- Passphrase: If the PFX file requires a password, enter it here.
- Host:
Step 2: Generate access token
-
Create a new request in Postman.
- Click on New and select Request.
- Name your request and save it in a suitable collection.
-
Configure the request to generate the token:
- HTTP method:
POST - URL:
https://api.pix.voluti.com.br/oauth/token - Headers:
- Content-Type:
application/json
- Content-Type:
- Body: Select the raw option and enter the following JSON:
- HTTP method:
{
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"scope": "optional" // Add if you need to restrict token access to certain routes
}
{
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"scope": "pix.read" //Optional
}
Table with access levels by scope field
| Recursos | Leitura do escopo | Escrita escopo | Utilização acessível |
|---|---|---|---|
| Pix | pix.read | pix.write | Business token |
| Webhooks | webhook.read | webhook.write | Business token |
| Transações | transactions.read | Business token | |
| Conta | account.read | Business token |
NoteThe
client_idandclient_secretfields must be filled in with the credentials generated in Finance. Thescopefield is optional and should only be used if you want to restrict token access to certain specific API routes.
- Send the request:
- Click Send to send the request and generate the token.
- The token will be returned in the
access_tokenfield of the response.
Note:
Token can be sent as urlencoded.
Step 3: Access the Cash In routes
-
Create a new request in Postman.
- Name your request and save it in a suitable collection.
-
Configure the request to access the desired route:
- HTTP method: According to the route you want to access (GET, POST, etc.).
- URL: Enter the URL of the Cash In route you want to access.
- Headers:
- Authorization:
Bearer token_generated
- Authorization:
- Body: Configure the body of the request as required by the route.
Step 4: Configure certificate for Cash Out
- Add certificate:
- Go again to Settings > Certificates.
- Click on Add Certificate.
- On the screen that appears, fill in the fields as described below:
- Host:
https://accounts.voluti.com.br - PFX file**: Select the PFX file of the Cash Out you have.
- Passphrase: If the PFX file requires a password, enter it here.
- Host:
Step 5: Generate token and Access Cash Out routes
- Repeat Steps 2 and 3:
Follow the same steps to generate the token and access the Cash Out routes, using the URLhttps://accounts.voluti.com.br/api/v2to generate the token and to configure the requests.