FinFusion

Authentication

Learn how to authenticate your requests to the FinFusion API

Security Notice

Never expose your API keys in client-side code or public repositories. Always use environment variables to store sensitive credentials.

Overview

FinFusion provides multiple authentication methods to secure your API requests. Choose the method that best suits your integration needs.

API Keys

Obtaining API Keys

  1. Sign up for a FinFusion account at dashboard.finfusion.cloud
  2. Navigate to the API Keys section in your dashboard
  3. Generate a new API key for your environment (sandbox or production)
  4. Store your API key securely - it won't be shown again

API Key Types

Sandbox Keys

Use for testing and development. No real transactions are processed.

Production Keys

Use for live transactions. Handle with extra security.

Authentication Methods

Bearer Token

The simplest way to authenticate. Include your API key in the Authorization header.

bearer-auth.ts 
// Using Bearer Token
const finfusion = new FinFusion({
  apiKey: 'your_api_key',
  environment: 'sandbox'
});
curl-example.sh 
curl -X POST https://api.finfusion.cloud/v1/payments \
  -H "Authorization: Bearer your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"amount": 1000, "currency": "USD"}'

OAuth 2.0

For more complex integrations requiring different access levels and token management.

oauth-auth.ts 
// Using OAuth 2.0
const finfusion = new FinFusion({
  clientId: 'your_client_id',
  clientSecret: 'your_client_secret',
  environment: 'sandbox'
});

// Get access token
const token = await finfusion.auth.getToken({
  scope: ['payments', 'accounts']
});
oauth-token.sh 
curl -X POST https://api.finfusion.cloud/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=your_client_id" \
  -d "client_secret=your_client_secret" \
  -d "scope=payments accounts"

Security Best Practices

🔐 Secure Storage

Store API keys in environment variables or secure key management systems.

🔄 Regular Rotation

Rotate API keys periodically and immediately if compromised.

🔍 Access Monitoring

Monitor API key usage and set up alerts for suspicious activity.

🛡️ Minimal Scope

Use the minimum required permissions for each API key.