Skip to main content

Overview

The Inventi VoP API uses OAuth 2.0 for authentication. To access the API, you need to obtain a bearer token from the authorization server and include it in all API requests.
IP Whitelisting Required: Before you can access the API, your IP address must be whitelisted. Contact [email protected] to register your IP addresses.

Auth server URLs

  • Production
  • Test
https://auth.finventi.com

Obtaining a Bearer Token

To authenticate with the API, you need to obtain a bearer token using the OAuth 2.0 client credentials flow.

Token Request

Use the following cURL command to obtain a bearer token: 
curl -X POST \
--location '<auth-server-url>/realms/<client-name>/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=api-vop-client' \
--data-urlencode 'client_secret=<client-secret>'

Parameters

grant_type
string
required
Must be set to client_credentials
client_id
string
required
Always use api-vop-client
client_secret
string
required
Your client secret obtained from the SEPA Dashboard UI

Variables to Replace

  • <auth-server-url>: Use https://auth.sandbox.finventi.com/ for TEST or https://auth.finventi.com/ for PROD
  • <client-name>: Your TenantID assigned by the Inventi team during initial configuration. This can be found in the Configuration Matrix shared with your representative
  • <client-secret>: Your API client secret, available in the SEPA Dashboard UI by navigating to User ManagementClientsapi-vop-clientCredentialsClient Secret

Token Response

A successful response will include your access token: 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6IC...",
  "expires_in": 2700,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "profile email"
}
The bearer token is valid for 45 minutes. After expiration, you’ll need to request a new token.

Using the Bearer Token

Include the bearer token in the Authorization header of all API requests with the Bearer prefix.

Authorization Header Format

Authorization: Bearer <bearer-token>

Example API Request

Here’s an example of using the bearer token to import VoP account data: 
curl --location --request POST 'https://api.vop-sandbox.finventi.com/api/v1/accounts' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6IC...' \
--header 'Content-Type: application/json' \
--data '{
  "iban": "LT123456789012345678",
  "account_holder_name": "John Doe"
}'

Best Practices

Token Management

  • Cache tokens until they expire
  • Implement token refresh logic before expiration
  • Never expose tokens in client-side code

Security

  • Store client secrets securely
  • Use environment variables for credentials
  • Rotate client secrets regularly

Common Issues

If you receive an authentication error, verify:
  • Your client secret is correct and hasn’t been rotated
  • The TenantID (client-name) is correctly specified
  • Your IP address is whitelisted
If you receive a 401 Unauthorized error:
  • Check if 45 minutes have passed since token generation
  • Request a new bearer token
  • Update your application’s token cache
If you cannot connect to the API:
  • Verify your IP address is registered with Inventi
  • Contact [email protected] to add your IP
  • Check for any network changes (VPN, proxy, etc.)

Next Steps

Once authenticated, you can start using VoP services:

Testing Guide

Complete mandatory test scenarios before production

Verify Account Holder

Verify IBAN and account holder details in real-time

Manage VoP Accounts

Import and manage account verification data