Credentials, Certificate and Authorization
Open Finance API credential, certificate, and authorization information.
To integrate the open Finance API to your system or your platform, it is necessary to have a Gerencianet Digital Account.
Don't have an account?
Once you have access, you will be able to obtain the credentials and certificate needed to communicate with the Open Finance API.
See below how to obtain credentials, certificates and details about the authorization and security of your integration with Gerencianet.
Getting the application credentials
An integrator can create as many applications as he wants. For each application, 2 pairs of Client_Id
and Client_Secret
keys are generated, one pair for use in the Production environment and the other for Homologation.
Understanding the application scopes
When creating or editing an application in your Gerencianet Account, you will need to configure the scopes that the application will have access to. Choosing these scopes will define the actions that an application will be authorized to perform via API.
The scopes available in the Gerencianet Account Opening API are listed below with their respective descriptions:
- gn.opb.participants.read - Permission to get the Open Finance participants;
- gn.opb.payment.pix.send - Permission to start Pix via Open Finance;
- gn.opb.config.write - Permission to write in the account's URL settings;
- gn.opb.config.read - Permission to read the account's URL settings;
Create an application or configure an existing one
To create a new application or configure an existing one, you can access the link.
Generating and converting the P12 certificate
To generate a certificate and convert it, if necessary, you can access the link
Base routes
Base route or base URL's for environments, use the route below to communicate your application with the production or homologation environment offered by Gerencianet.
- Production
- Homologation
OAuth2 authentication
The process to authenticate in the Gerencianet Payment API follows the [OAuth2]((http://oauth.net/2/) process, in this process, it is included the security certificate generated in your Gerencianet account. Through this, the OAuth2 authentication can access the authorizations of you application and authorize or deny the requests.
For more details regarding authentication with OAuth2, just click on the button below:
Authorization
The Payments API requires the use of a PFX(.p12) certificate that is generated in your Gerencianet account. The Auth2 provides an authorization mechanism called mutual Transport Layer Security (mTLS) through the certificate created in your Gerencianet account, this method adds another level of security to the requests between your application and the Gerencianet Payment API.
For more details about the PFX(.p12) creation and the mTLS pattern, just click on the button below:
Confguring tests on Postman
To proceed with the Postman configuration step, you must have:
- A pair of
Client_Id
andClient_Secret
credentials of an application registered in your Gerencianet Account; - A P12/PEM certificate generated in your Gerencianet account;
- The Postman software installed on your computer (If you don't have it, click here to download it);
1. Importing the Open Finance API Collection
This is the link to our Collection that we will keep updated with the Gerencianet Account opening API endpoints.
- With Postman started, use the shortcut
Ctrl+O
to open the import screen; - Select Collection file;
- Click Import
2. Creating an Environment
Creating an Environment in Postman is necessary for some automations built into the collection to work. These automations are designed to make it easier for developers during testing.
With them you need to request the authorization only once, and then the access_token
is recorded as a Postman environment variable, available for use in subsequent requests.
To create an Environment follow the steps below.
- Use the
Ctrl+N
shortcut and select 'Environment'; - Give a name specifying whether this Environment will be pointed to the production or homologation environment;
- Create the variable
gn-api-open-finance
and in initial value enter the URL of the Production or Homologation Payment API; - Save your Environment;
- Select the desired Environment, so Postman will understand the created variable.
The images below shows the steps above. As an example, an Environment was created for Gerencianet Open Finance API Production environment.
3. Setting the certificate in Postman
All requests made to the Gerencianet Payment API need the certificate generated in your Gerencianet account. Therefore, to help you testing Postman, follow the steps below to configure the certificate usage during requests automatically:
- Click the gear icon in the upper right corner of the Postman;
- Then click "Settings" to open the settings;
- In the top tab, click "Certificates";
- Then click on "Add Certificate";
- In the configuration window of the new certificate, fill the "Host" field with the Base Route of the environment to which the certificate belongs (Production or Homologation);
- Use the "PFX File" field to tell Postman where your P12/PEM certificate file is located;
- Finish by clicking "Add" to save your settings.
By following these steps, Postman will use the certificate for any requests made to the Host of the configured environment.
4. Assigning the Client_Id and Client_Secret in Postman
To complete the configuration of your Postman it is necessary to configure the credentials of an application of your Gerencianet account. These credentials are used for Basic Auth and to get the access_token
from OAuth.
Follow the steps below to include the credentials and perform your first test in the Pix Gerencianet API.
- In the imported collection, navigate to the
/oauth/token
route and double-click to open; - Go to the "Authorization" menu and make sure that the "Type" (authorization type) is selected as "Basic Auth";
- In the "username" and "password" fields fill with your application credentials, Client_Id and Client_Secret respectively;
- To test, click the "Send" button to submit the request
The image below illustrates the steps above. If everything was followed correctly, you should get a response in JSON format, containing the access_token
, token_type
, expires_in
e scope
(like the image bellow).
Get authorization
This endpoint is used to authorize an application's credentials and get the scopes that the application has to access the other API endpoints. The P12/PEM certificate must be present in the authorization request for the handshake with the API server to be allowed.
Examples of authorization using the certificate. P12
To use the Gerencianet Payment API, the client and server must communicate on a verified connection to each other. Verification is done by the two-way certificate (.PEM or .P12), that is, the server and client have implemented a private key certificate and a public key certificate that allows one to ensure the identity of the other.
Therefore to make any HTTP request to the Open Finance API, including the authorization request with OAuth2, it is necessary the certificate .P12, or .pem, in the request headers.
Below are examples of how to consume the Authorization of the Gerencianet Open Finance API by incorporating this certificate into the request.
- php
- Node
- Python
- C#
- Ruby
- Java
- Go
The code snippet below represents an example of OAuth's response to your authorization request.
- Response
The table below describes the attributes present in the returned JSON.
Attribute | Description | Type |
---|---|---|
access_token | Authorization token to be used in other requests made to the API. | String |
token_type | Authorization type in which access_token should be used Default: "Bearer" | String |
expires_in | access_token expiration time in seconds. Default: 3600 | Integer (int32) |
scope | List of scopes to which the authorized application has access. Scopes are space-separated. | String |