When using Voluti's APIs, it's essential to know how to securely and effectively manage your authentication credentials.
We use the OAuth 2.0 protocol's credential flow to secure our APIs. It is essential to obtain your client_id and client_secret, as they are key to authenticating and authorizing requests to Voluti's APIs. This guide covers the best practices for managing these credentials in your integrations with Voluti APIs.
Credential Management
When using Voluti APIs, it is crucial to understand how to properly manage the credentials needed to access them. Here are some important guidelines and steps:
- SSL/TLS Certificates: All communications with Voluti APIs are protected by SSL/TLS, ensuring that data is encrypted during transmission to prevent interception attacks.
- Application Identification: To obtain an access token, make a request to the token generation endpoint using your client_id and client_secret, thereby authenticating the application with Voluti's authentication server.
- Access to Endpoints: All API endpoints require a valid access token to authorize requests, which is obtained after successful authentication.
- Use of the access_token: After generating the access token, you can test our APIs and features for 300 seconds.
- Token Renewal: Access tokens have a limited lifespan and must be renewed periodically to avoid interruptions in application operations caused by expired tokens.
Note: Cash In and Cash Out operations in Voluti APIs use different certificates. Make sure you use the correct certificate when dealing with each type of operation.
Credential Security
In addition to ensuring secure access to Voluti's API resources, it’s crucial to protect your credentials. Here are some best practices:
- Secure Storage: Credentials, such as client_secret and access tokens, should be stored securely in a controlled and protected environment.
- Secure Transmission: Always use secure channels, such as SSL/TLS, when transmitting credentials to protect against interception.
- Don’t Share Credentials: Never share sensitive credentials, such as client_secret, with unauthorized parties.
- Regular Rotation: Rotate credentials regularly, especially if a compromise is suspected.
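The token handling described in the two lists above, as an added example that is not taken from Voluti's documentation: credentials are read from the environment, sent only over TLS, and the token is renewed shortly before its 300-second lifetime ends. The token URL, the environment variable names, the use of HTTP Basic client authentication and the JSON field names are assumptions.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

# Assumptions (not from Voluti's docs): placeholder URL, env var names,
# HTTP Basic client authentication and the access_token/expires_in fields.
TOKEN_URL = "https://auth.example.invalid/oauth/token"
RENEW_MARGIN = 30  # seconds before expiry at which a new token is requested


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build the client-credentials POST; the secret only goes in a header."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-TLS URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


class TokenCache:
    """Keeps one access token in memory and renews it before it expires."""

    def __init__(self, fetch, clock=time.monotonic, margin=RENEW_MARGIN):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._margin:
            reply = self._fetch()  # dict parsed from the token endpoint's JSON
            lifetime = int(reply.get("expires_in", 300))  # 300 s per this guide
            self._token = reply["access_token"]
            self._expires_at = now + lifetime
        return self._token

    def __repr__(self):  # never expose the token in logs or tracebacks
        return f"<TokenCache valid={self._token is not None}>"


def fetch_from_env():
    """Read credentials from the environment at call time, never from source."""
    req = build_token_request(os.environ["VOLUTI_CLIENT_ID"],
                              os.environ["VOLUTI_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())
```

Create one cache per certificate context, for example `TokenCache(fetch_from_env)`, and call `get()` before each API request so an expired token is never sent.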