Skip to main content

Authentication

The Credit Platform uses the OAuth 2.0 protocol for authentication and authorization.

To get started, you will need credentials for the Celcoin Credit Platform environment. Contact the Key Account Manager responsible for your onboarding to receive your credentials.

With these credentials, you will request a token from the Credit Platform Authentication Server (POST https://sandbox.auth.flowfinance.com.br/oauth2/token). Your client_id and client_secret must be provided in the HTTP Authorization Header, prefixed by "Basic", and encoded in base64, separated by the colon symbol (":").

Example:

If your client_id is 68idti5emrrkmqhftmsb3pfo6u and your client_secret is 16idl1w9mia17afqbdb69ivoj1ur6f8fk3mturj5p9mdb267bkrc, the final request, in CURL, looks like this:

javascript

curl --request POST \ --url https://sandbox.auth.flowfinance.com.br/oauth2/token \ --header 'accept: application/json' \ --header 'authorization: Basic NjhpZHRpNWVtcnJrbXFoZnRtc2IzcGZvNnU6MTZpZGwxdzltaWExN2FmcWJkYjY5aXZvajF1cjZmOGZrM210dXJqNXA5bWRiMjY3YmtyYw==' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials

❗️

Attention:

Unlike other endpoints in the Credit API, the Host for this call is https://sandbox.auth.flowfinance.com.br .

O header HTTP Content-type da chamada precisa ser application/x-www-form-urlencoded, e o parâmetro grant_type precisa ser informado com o valor client_credentials.

The received token must be sent in subsequent requests to the Platform, using the HTTP header Authorization, with the received token prefixed by "Bearer". Example:

"Authorization: Bearer <token>"

A token expires in 3600 seconds, so you don't need to get a new one for every request.

Click here to learn more about the client_credentials authentication flow in the Oauth 2.0 protocol.