Security model

The Finqware API is protected by a number of keys and tokens.

Follow best practice on where it is safe to store and use them. You can make an API call from a web application using the client_id, but use an access_token only from your server-side code. The generally accepted opinion among security experts is currently that you cannot safely store secrets in a client application (web or mobile code).

Besides the API keys listed here, /v1s is an extra-secured endpoint (recommended for production) that requires message digest and signing; please check the details here.
