Skip to main content

Overview

The Inventi Payment Platform API uses OAuth 2.0 for authentication. To access the API, you need to obtain a bearer token from the authorization server and include it in all API requests.
IP Whitelisting Required: Before you can access the API, your IP address must be whitelisted. Contact [email protected] to register your IP addresses.

Obtaining a Bearer Token

To authenticate with the API, you need to obtain a bearer token using the OAuth 2.0 client credentials flow.

Token Request

Use the following cURL command to obtain a bearer token: 
curl -X POST \
  --location 'https://auth.sandbox.finventi.com/realms/<client-name>/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=api-sepa-gateway-client' \
  --data-urlencode 'client_secret=<client-secret>'

Parameters

grant_type
string
required
Must be set to client_credentials
client_id
string
required
Always use api-sepa-gateway-client
client_secret
string
required
Your client secret obtained from the SEPA Dashboard UI

Variables to Replace

  • <client-name>: Your TenantID assigned by the Inventi team during initial configuration. This can be found in the Configuration Matrix shared with your representative.
  • <client-secret>: Your API client secret, available in the Inventi Payment Platform under API Credentials

Token Response

A successful response will include your access token: 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6IC...",
  "expires_in": 2700,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "profile email"
}
The bearer token is valid for 45 minutes. After expiration, you’ll need to request a new token.

Using the Bearer Token

Include the bearer token in the Authorization header of all API requests with the Bearer prefix.

Authorization Header Format

Authorization: Bearer <bearer-token>

Example API Request

Here’s an example of using the bearer token to create a SEPA payment: 
curl --location --request POST 'https://api.pgw-sandbox.finventi.com/gateway/createSepaPmt' \
  --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6IC...' \
  --header 'Content-Type: application/json' \
  --header 'Idempotency-Key: 123e4567-e89b-12d3-a456-426655440000' \
  --data '{
    "payment": {
      "amount": 100.50,
      "currency": "EUR",
      "creditorIban": "LT123456789012345678",
      "debtorIban": "LT987654321098765432"
    }
  }'

Authentication Flow Diagram

Best Practices

Token Management

  • Cache tokens until they expire
  • Implement token refresh logic before expiration
  • Never expose tokens in client-side code

Security

  • Store client secrets securely
  • Use environment variables for credentials
  • Rotate client secrets regularly

Common Issues

Invalid Client Credentials

If you receive an authentication error, verify:
  • Your client secret is correct and hasn’t been rotated
  • The TenantID (client-name) is correctly specified
  • Your IP address is whitelisted

Expired Token

If you receive a 401 Unauthorized error:
  • Check if 45 minutes have passed since token generation
  • Request a new bearer token
  • Update your application’s token cache

Next Steps

Once authenticated, you can access regulatory services: