Authentication
Every request to the Financial Line API must be authenticated. Authentication takes place using HTTP headers and the following variables:
$ curl "https://api.finline.io/api/v1/pos/${POS_ID}/orders/0" \
-H "X-API-AUTH: CPAY ${API_KEY}:${API_SECRET}" \
-H "X-API-KEY: ${ENDPOINTS_KEY}"
Use these headers in all API requests to the server, including both GET
and POST
requests.
Note that header values are case sensitive, but header names are not.
If data about these headers is missing in the request or is incorrect, in this case the response will be returned as follows:
{
"args": {
"code": "S-404"
},
"message": "Invalid pos_id field or credentials"
}
caution
Credentials are confidential. Please adhere to these recommendations when handling them:
- Do not share them with anyone who is not involved in the integration process.
- Ensure that credentials are stored securely, using encrypted storage solutions such as a secrets management system.
- Never hard-code credentials directly into your source code or commit them to version control systems. Educate team members about the importance of credential security and enforce strict policies to protect sensitive information.
- Regularly rotate credentials and review access permissions to ensure only authorized personnel have access. You can find out which roles allow users to access your projects' credentials in the Team section of the Merchant Portal.
- Monitor the usage of credentials to detect any unauthorized access or suspicious activity promptly. If credentials are compromised, follow the incident response plan to revoke and replace them immediately. Please notify Financial Line support team immediately in order to aid in key rotation.