Authentication is a crucial aspect of interacting with the Fynn API. This guide will walk you through the process of setting up and managing API keys for authentication, as well as authenticating requests both as a platform and as a customer.

Setting Up API Keys

To interact with the Fynn API, you need to generate an API key. Follow these steps to create an API key:

  1. Log in to your Fynn account (or sign up for a new account if you don’t have one) at https://app.fynn.eu.
  2. Navigate to the Developer Settings page by clicking on the settings icon on the top-right side and selecting “Settings” > “Developer”, or by visiting https://app.fynn.eu/settings/developer.
  3. Click on the “Add API Key” button.
  4. Provide a name for your API key to help you identify its purpose.
  5. [optional] Define the expiration date for the API key. If you don’t set an expiration date, the API key will never expire.
  6. Click “Generate” to create the API key.
  7. Your API key will be displayed. Make sure to copy and securely store it, as it will not be shown again.

Deleting API Keys

To delete an API key, follow these steps:

  1. Go to the Developer Settings page.
  2. Locate the API key you wish to delete.
  3. Click on the “Delete” button next to the API key.
  4. Confirm the deletion when prompted.

Deleting an API key will immediately revoke access to the API for any application or service using it. Make sure to update your applications and services with a new API key before deleting the old one.

Authenticating Requests

To authenticate your requests to the Fynn API, include your API key in the request headers as follows:

Authorization: Bearer YOUR_API_KEY

Replace YOUR_API_KEY with your actual API key.
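
The following is an added example, not code from the Fynn documentation: it shows one way to attach the Bearer header without hardcoding the key, refusing non-HTTPS URLs and logging only a redacted form. The environment variable name FYNN_API_KEY, the base URL placeholder and the /example path are assumptions.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the Fynn documentation): the environment variable
# name and the placeholder base URL below.
API_KEY_ENV = "FYNN_API_KEY"
BASE_URL = "https://api.example.invalid"  # placeholder, replace with the real API host


def load_api_key(env=os.environ):
    """Read the key from the environment instead of hardcoding it in source."""
    key = env.get(API_KEY_ENV, "")
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    # Reject whitespace and control characters so the value cannot split or
    # corrupt the Authorization header (e.g. a trailing newline from a file).
    if any(c.isspace() or ord(c) < 0x21 or ord(c) == 0x7F for c in key):
        raise ValueError("API key contains whitespace or control characters")
    return key


def build_request(path, api_key, base_url=BASE_URL, method="GET"):
    """Build a request carrying 'Authorization: Bearer <key>' over HTTPS only."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"Bearer {api_key}")
    return req


def redact(api_key, keep=4):
    """Form of the key that is safe to log: last few characters only."""
    if len(api_key) <= keep * 2:
        return "*" * len(api_key)
    return "*" * (len(api_key) - keep) + api_key[-keep:]


if __name__ == "__main__":
    demo_key = "constructed-sample-key-1234"  # constructed value, not a real key
    req = build_request("/example", demo_key)  # hypothetical path
    print(req.full_url, "Authorization: Bearer", redact(demo_key))
```

The request object is only built here, not sent; pass it to urllib.request.urlopen once the real API host and route are filled in.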

Authenticating as a Customer

Customers can authenticate themselves with the API to access their own data, such as payment methods and subscription details. This is done by making a POST request to our API:

Replace YOUR_API_KEY with your actual API key.

Limitations

When authenticated as a customer, access is restricted to the customer’s own data. This means that only operations related to the authenticated customer, such as managing payment methods, subscriptions, or viewing account details, are permitted.

Look for the following permissions on the API routes:

  • ROLE_CUSTOMER
  • customer:self:read
  • customer:payment-method:add
  • customer:payment-method:read