Credentials, Certificate and Authorization

Open Finance API credential, certificate, and authorization information.

To integrate the Open Finance API into your system or platform, you need a Gerencianet Digital Account.


Once you have access, you will be able to obtain the credentials and certificate needed to communicate with the Open Finance API.

See below how to obtain credentials, certificates and details about the authorization and security of your integration with Gerencianet.

Getting the application credentials

An integrator can create as many applications as they want. For each application, two pairs of Client_Id and Client_Secret keys are generated: one pair for use in the Production environment and the other for Homologation.

Understanding the application scopes

When creating or editing an application in your Gerencianet Account, you will need to configure the scopes that the application will have access to. Choosing these scopes will define the actions that an application will be authorized to perform via API.

The scopes available in the Gerencianet Account Opening API are listed below with their respective descriptions:

  • gn.opb.participants.read - Permission to get the Open Finance participants;
  • gn.opb.payment.pix.send - Permission to start Pix via Open Finance;
  • gn.opb.config.write - Permission to write in the account's URL settings;
  • gn.opb.config.read - Permission to read the account's URL settings;

Create an application or configure an existing one

To create a new application or configure an existing one, you can access the link.


Generating and converting the P12 certificate

To generate a certificate and convert it, if necessary, you can access the link.


Base routes

Base routes (base URLs) for the environments: use the route below to connect your application to the production or homologation environment offered by Gerencianet.

```json
"URL": {
    "Production": "https://apis.gerencianet.com.br/"
}
```

OAuth2 authentication

Authentication with the Gerencianet Payment API follows the [OAuth2](http://oauth.net/2/) flow, and this flow also involves the security certificate generated in your Gerencianet account. Through these, OAuth2 authentication can look up your application's authorizations and allow or deny each request.

For more details regarding authentication with OAuth2, just click on the button below:



Authorization

The Payments API requires the use of a PFX (.p12) certificate generated in your Gerencianet account. Alongside OAuth2, the API uses an authorization mechanism called mutual Transport Layer Security (mTLS), based on the certificate created in your Gerencianet account; this method adds another level of security to the requests between your application and the Gerencianet Payment API.

For more details about the PFX(.p12) creation and the mTLS pattern, just click on the button below:



Configuring tests on Postman

To proceed with the Postman configuration step, you must have:

  1. A pair of Client_Id and Client_Secret credentials of an application registered in your Gerencianet Account;
  2. A P12/PEM certificate generated in your Gerencianet account;
  3. The Postman software installed on your computer (If you don't have it, click here to download it);

1. Importing the Open Finance API Collection

This is the link to our Collection that we will keep updated with the Gerencianet Account opening API endpoints.



  1. With Postman started, use the shortcut Ctrl+O to open the import screen;
  2. Select Collection file;
  3. Click Import.

Illustration of the start of the import process

Illustration of the file import

Illustration of the final import step

2. Creating an Environment

Creating an Environment in Postman is necessary for some automations built into the collection to work. These automations are designed to make it easier for developers during testing.

With them, you request authorization only once; the access_token is then stored as a Postman environment variable and is available for use in subsequent requests.

To create an Environment follow the steps below.

  1. Use the Ctrl+N shortcut and select 'Environment';
  2. Give a name specifying whether this Environment will be pointed to the production or homologation environment;
  3. Create the variable gn-api-open-finance and in initial value enter the URL of the Production or Homologation Payment API;
  4. Save your Environment;
  5. Select the desired Environment so that Postman recognizes the created variable.

The images below show the steps above. As an example, an Environment was created for the Gerencianet Open Finance API Production environment.

Creating a new environment

Environment settings

3. Setting the certificate in Postman

All requests made to the Gerencianet Payment API need the certificate generated in your Gerencianet account. To make testing in Postman easier, follow the steps below so that Postman attaches the certificate to requests automatically:

  1. Click the gear icon in the upper right corner of the Postman;
  2. Then click "Settings" to open the settings;
  3. In the top tab, click "Certificates";
  4. Then click on "Add Certificate";
  5. In the configuration window of the new certificate, fill the "Host" field with the Base Route of the environment to which the certificate belongs (Production or Homologation);
  6. Use the "PFX File" field to tell Postman where your P12/PEM certificate file is located;
  7. Finish by clicking "Add" to save your settings.

By following these steps, Postman will use the certificate for any requests made to the Host of the configured environment.


Accessing the Postman settings

Adding a new certificate in Postman

Certificate settings

4. Assigning the Client_Id and Client_Secret in Postman

To complete the configuration of your Postman it is necessary to configure the credentials of an application of your Gerencianet account. These credentials are used for Basic Auth and to get the access_token from OAuth.

Follow the steps below to include the credentials and perform your first test in the Pix Gerencianet API.

  1. In the imported collection, navigate to the /oauth/token route and double-click to open;
  2. Go to the "Authorization" menu and make sure that the "Type" (authorization type) is selected as "Basic Auth";
  3. In the "username" and "password" fields fill with your application credentials, Client_Id and Client_Secret respectively;
  4. To test, click the "Send" button to submit the request.

The image below illustrates the steps above. If everything was followed correctly, you should get a response in JSON format containing access_token, token_type, expires_in and scope (as in the image below).

Using an application's credentials to authorize requests

Get authorization

POST /oauth/token

This endpoint is used to authorize an application's credentials and get the scopes that the application has to access the other API endpoints. The P12/PEM certificate must be present in the authorization request for the handshake with the API server to be allowed.

Examples of authorization using the .P12 certificate

To use the Gerencianet Payment API, the client and server must communicate over a connection in which each side has verified the other. This verification is done with a two-way (mutual) certificate (.PEM or .P12): both the server and the client hold a private key and a public certificate, which allows each to confirm the identity of the other.

Therefore, to make any HTTP request to the Open Finance API, including the OAuth2 authorization request, the .P12 or .pem certificate must accompany the request (it is presented during the TLS handshake, not as an ordinary header).

Below are examples of how to consume the Authorization of the Gerencianet Open Finance API by incorporating this certificate into the request.

```php
<?php // Developed by Gerencianet Technical Consulting
$config = [
    "certificado" => "./certificado.pem",   // path to the converted PEM certificate (with private key)
    "client_id" => "YOUR-CLIENT-ID",
    "client_secret" => "YOUR-CLIENT-SECRET"
];
// HTTP Basic credentials: base64("Client_Id:Client_Secret")
$autorizacao = base64_encode($config["client_id"] . ":" . $config["client_secret"]);
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => "https://apis.gerencianet.com.br/oauth/token", // Base route, homologation or production
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => '{"grant_type": "client_credentials"}',
    CURLOPT_SSLCERT => $config["certificado"], // Certificate path: the client certificate used for mTLS
    CURLOPT_SSLCERTPASSWD => "",               // Certificate password, if the file is protected
    CURLOPT_HTTPHEADER => array(
        "Authorization: Basic $autorizacao",
        "Content-Type: application/json"
    ),
));
$response = curl_exec($curl);
if ($response === false) {
    // A failed TLS handshake (wrong or missing certificate) shows up here, not as an HTTP error
    echo "cURL error: " . curl_error($curl);
}
curl_close($curl);
echo "<pre>";
echo $response;
echo "</pre>";
```

Authorization example of response

The code snippet below represents an example of OAuth's response to your authorization request.

```json
{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "gn.opb.participants.read gn.opb.payment.pix.send gn.opb.config.write gn.opb.config.read"
}
```

The table below describes the attributes present in the returned JSON.

| Attribute | Description | Type |
| --- | --- | --- |
| access_token | Authorization token to be used in other requests made to the API. | String |
| token_type | Authorization type in which access_token should be used. Default: "Bearer" | String |
| expires_in | access_token expiration time in seconds. Default: 3600 | Integer (int32) |
| scope | List of scopes to which the authorized application has access. Scopes are space-separated. | String |
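The same client_credentials request with mTLS, followed by a check of the fields described in the table, as an added example in Python that is not part of the original page or Gerencianet's own code. It assumes the .p12 has already been converted to a PEM file containing both the certificate and its private key, and that the Pix flow needs the two scopes listed in REQUIRED_SCOPES (an assumption; configure the set to match your application). The response is checked for the expected token_type, the granted scopes are compared with the required ones, and expires_in is turned into an absolute expiry so the token can be cached safely.

```python
import base64
import json
import ssl
import time
import urllib.request
from dataclasses import dataclass

# Scopes from the page's own list; assumed here to be the ones the Pix flow needs.
REQUIRED_SCOPES = frozenset({"gn.opb.participants.read", "gn.opb.payment.pix.send"})


@dataclass
class Token:
    access_token: str
    token_type: str
    expires_at: float       # absolute epoch time derived from expires_in
    scopes: frozenset

    def valid_for(self, now: float, margin: int = 60) -> bool:
        # Treat the token as stale a minute early so a request never races the expiry.
        return now + margin < self.expires_at


def basic_auth_header(client_id: str, client_secret: str) -> str:
    # Same construction as the PHP sample: base64("Client_Id:Client_Secret").
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_token_response(body: bytes, now: float, required=REQUIRED_SCOPES) -> Token:
    data = json.loads(body)
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    granted = frozenset(data.get("scope", "").split())
    missing = required - granted
    if missing:
        # Fail now rather than on a later 403: the application's scope configuration is wrong.
        raise PermissionError("application lacks scopes: " + " ".join(sorted(missing)))
    return Token(data["access_token"], data["token_type"], now + int(data["expires_in"]), granted)


def request_token(base_url: str, client_id: str, client_secret: str, pem_path: str) -> Token:
    # mTLS: present the account certificate (PEM with private key) as the client certificate.
    # The default context still verifies the server, so the connection is verified both ways.
    ctx = ssl.create_default_context()
    ctx.load_cert_chain(certfile=pem_path)
    req = urllib.request.Request(
        base_url.rstrip("/") + "/oauth/token",
        data=b'{"grant_type": "client_credentials"}',
        method="POST",
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return parse_token_response(resp.read(), time.time())
```

Keep the access_token out of logs; it is a bearer credential for every scope the application holds until expires_at.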