The Finqware API is protected by a number of keys and tokens.
It is important to follow the best practice around where it's safe to store/use them. You can make an API call from a web application using the
client_id, but use an
access_token only from your server-side code. Currently, a generally accepted opinion among security experts is that you cannot safely store secrets in a client application.
An identifier for a tenant app
A secret generated for each tenant app
Used to initate a user session
A temporary token that can be exchanged for an access_token
A permanent token authorizing access to user data
Points to user data (eg: a bank account, an insurance)