Authentication process
We provide a set of APIs organised by product. All of them are private, for use by Creditas partners only, so every request to our resources must carry an access_token.
To generate a JWT (access_token) you need a pair of credentials sent by Creditas:
- A consumer_key
- A consumer_secret
If you don't have these values, see the section "How to get access?".
How to get an access_token
Use the consumer_key and consumer_secret credentials to obtain the access_token, which must then be sent in the authentication header of all other requests.
To obtain your access_token, make a request to the URL of the staging or production environment (see the development environments reference) and read from the response the values needed for later requests (access_token and expires_in).
📘 Credentials by environment
The access_token must be generated for the environment that will be used, with that environment's consumer_key and consumer_secret credentials.
HTTP request
| Environment | HTTP method | URL |
|---|---|---|
| Staging | POST | https://auth-staging.creditas.com.br/api/affiliate_clients/tokens |
| Production | POST | https://auth.creditas.com.br/api/affiliate_clients/tokens |
Request headers
| Header | Value |
|---|---|
| Accept-Version | v1 |
| Content-Type | application/json |
Request body
| Field | Type | Description |
|---|---|---|
| consumer_key | string | Your consumer_key, provided by Creditas |
| consumer_secret | string | Your consumer_secret, provided by Creditas |
Request response
| Field | Type | Description |
|---|---|---|
| access_token | string | Token used to access resources |
| token_type | string | Token type (bearer) |
| refresh_token | string | Token used to generate a new token |
| expires_in | string | Token expiration time, in seconds |
Request and response example
Request
```bash
curl --location --request POST '{{url_environment}}' \
  --header 'Accept-Version: v1' \
  --header 'Content-Type: application/json' \
  --data-raw '{"consumer_key": "{{consumer_key}}", "consumer_secret": "{{consumer_secret}}"}'
```
Response
```json
{
  "access_token": "1234SFDSF42423dfvxc",
  "token_type": "bearer",
  "refresh_token": "refresh-token",
  "expires_in": 7200
}
```
Access token validity and expiration
Each generated access_token has an expiration time in seconds, returned with the token in the expires_in field. After the token expires, all requests return status code 401 (Unauthorized) until a new token is generated.
How to use access token in requests
The access_token is mandatory in all requests: the available resources can only be accessed with it. Send it in the header of each request, as shown below:
Request headers
| Header | Value |
|---|---|
| Accept | application/vnd.creditas.v1+json |
| Content-Type | application/json;charset=UTF-8 |
| Authorization | Bearer {{access_token}} |
Request example
```bash
curl --location --request POST '{{endpoint}}' \
  --header 'Accept: application/vnd.creditas.v1+json' \
  --header 'Content-Type: application/json;charset=UTF-8' \
  --header 'Authorization: Bearer {{access_token}}'
```
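The token request, expiry handling and request headers described above, combined into a small client-side token cache. This is an added Python example, not Creditas code. The environment variable names, the 60-second renewal margin and the function and class names are assumptions, and it re-requests a token with the credential pair because this page does not describe how refresh_token is used.

```python
import json
import os
import time
import urllib.request

# Staging URL from the table above; production has its own URL and credentials.
TOKEN_URL = "https://auth-staging.creditas.com.br/api/affiliate_clients/tokens"

def request_token(url, key, secret):
    # POST the credential pair as JSON and return the parsed response.
    body = json.dumps({"consumer_key": key, "consumer_secret": secret}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Accept-Version": "v1", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access_token in memory and renews it before expires_in runs out."""
    def __init__(self, fetch, margin=60, clock=time.monotonic):
        self._fetch = fetch    # callable returning the token response as a dict
        self._margin = margin  # renew this many seconds before the stated expiry
        self._clock = clock
        self._token, self._deadline = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._deadline:
            data = self._fetch()
            if str(data.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            # expires_in is seconds; accept it as a number or a numeric string.
            lifetime = max(int(data["expires_in"]) - self._margin, 0)
            self._token = data["access_token"]
            self._deadline = self._clock() + lifetime
        return self._token

    def invalidate(self):
        self._token = None     # call after a 401 so the next call re-authenticates

    def headers(self):
        return {"Accept": "application/vnd.creditas.v1+json",
                "Content-Type": "application/json;charset=UTF-8",
                "Authorization": "Bearer " + self.token()}

def cache_from_env(url=TOKEN_URL):
    # Assumed variable names; keeps the secret out of source code.
    key = os.environ["CREDITAS_CONSUMER_KEY"]
    secret = os.environ["CREDITAS_CONSUMER_SECRET"]
    return TokenCache(lambda: request_token(url, key, secret))
```

Pass `cache.headers()` to each API request, and call `cache.invalidate()` once before retrying a request that came back 401.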