LogoLogo
StatusChangelogDashboardCreate a Ticket
  • Getting Started
  • Intro to APIs
  • How to Contact us
  • How to Go-Live
  • Intro to Risk
  • Intro to Spec Sheets
  • Product Guides
    • Deposit Hub
      • 🌎Global Cash
    • Credit Hub
    • Payment Accounts
    • ID Score
  • API References
    • OAuth
      • OAuth Object Details
      • Create OAuth Key
      • Generate Refresh Token
    • Users
      • User Object Details
      • Testing on UAT
      • View All Users
      • View User
      • Create User
      • Update User
      • Generate UBO Doc
      • Manage Duplicates
      • Allowed Document Types
      • Allowed Entity Scopes
      • Allowed Entity Types
    • Nodes
      • Node Object Details
      • Testing on UAT
      • View all User Nodes
      • View Node
      • Create Node
      • Update Node
      • Generate eCash Barcode
      • Allowed Node Types
      • View ATMs
    • Subnets
      • Subnet Object Details
      • Testing on UAT
      • View all Node Subnets
      • View Subnet
      • Create Subnet
      • Update Subnet
      • Push to Wallet
    • Shipments
      • Shipment Object Details
      • View all Subnet Shipments
      • View Shipment
      • Create Shipment
      • Cancel Shipment
    • Statements
      • Statement Object Details
      • View all User Statements
      • View all Node Statements
    • Transactions
      • Transaction Object Details
      • Testing on UAT
      • View all User Transactions
      • View all Node Transactions
      • View Transaction
      • Create Transaction
      • Create Batch Transactions
      • Cancel Transaction
      • Retry ACH Transaction
      • Dispute Chargebacks
      • Dispute Transaction
    • Subscriptions
      • Subscription Object Details
      • Webhook Object Details
      • Testing on UAT
      • View all Subscriptions
      • View Subscription
      • Create Subscription
      • Update Subscription
      • View Webhook Logs
    • Miscellaneous
      • Dummy Transactions
      • Verify Address
      • Verify Routing Number
      • International WIRE-INT Required Data by Country
      • View Billers
      • View Enriched Data
      • Loan Limits
      • Transaction Decisioning
      • 3D Secure
      • Virtual Terminal
      • Pre-Authorization
      • Card Disputes Guide
      • Mobile Wallets
      • Interchange Revenue
      • Enrichment Guide
  • Developer Guides
    • User Onboarding
      • Create User Flow
      • Authenticate as the User
      • Create Node Flow
        • Cash Advance
        • Credit Builder Loan
        • One Time Loans
        • Secured Open Loans
        • Secured Revolving Loans
        • Unsecured Revolving Loans
      • Create Subnets Flow
        • Creating Cards
        • Creating AC/RT
      • Linking External Accounts
        • Linking Cards
        • Linking External Bank Account
      • Add Additional Documents
    • Account Details
      • Displaying Balances
      • Transaction History
      • Transaction Details
      • Account Agreements
      • Node Statements
      • Card Details
    • Managing Cards
      • Card Preferences
      • Setting PIN
      • Mobile Wallet Flow
        • Integrate with Apple Pay
        • Integrate with Google Pay
        • Integrate with Samsung Pay
      • Shipping Cards
    • Originating Transactions
      • Sending Fed Wires
      • Sending ACH Transfers
      • Sending International Wires
      • Deposit a Check
      • Issuing Checks
      • Recurring Transactions
      • 3rd Party Payment Accounts
      • Cancelling Transactions
      • Exceeding Origination Limits
    • Receiving Transactions
      • Transaction Decisioning
      • Receiving ACH / Wires
      • Card Transactions
      • Exceeding Inbound Limits
    • Managing Disputes
      • ACH Disputes
      • Card Disputes
    • 3rd Party Integrations
      • Payment Integrations
      • Account Aggregators
      • 3rd Parties & Compliance
  • Recipes
    • Overdraft Protection
    • Social Banking
    • Monetizing Transactions
Powered by GitBook
On this page
  • OAuth
  • Example Request

Was this helpful?

Export as PDF
  1. API References
  2. OAuth

Create OAuth Key

OAuth Details

Key
Type
Required
Description

refresh_token

String

Required during POST

Token used to generate an OAuth Object.

scope

Array of Strings

Required during POST

Fingerprints

As fingerprints are required for OAuth key generation calls, there are options to consider related to the users fingerprint.

Key
Type
Required
Description

is_active

Boolean

Optional

Will execute the MFA flow, to allow changing of is_protected fingerprint value.

is_protected

Boolean

Optional (Requires is_active:true)

OAuth

POST https://api.synapsefi.com/v3.1/oauth/:user_id

This endpoint allows you to generate an OAuth token for a specific user so that you can perform necessary actions on behalf of the user.

Path Parameters

Name
Type
Description

user_id

string

ID of the user you wish to generate an OAuth token for.

Headers

Name
Type
Description

X-SP-USER

string

OAuth key and device fingerprint of the user separated by a pipe. In this API call, only the device fingerprint is required.

X-SP-USER-IP

string

IP Address of the user device.

X-SP-GATEWAY

string

Your Client ID and Secret separated by a pipe.

Request Body

Name
Type
Description

validation_pin

string

In case of MFA verification, the code delivered to the phone_number.

phone_number

string

Phone number where the MFA code will be sent in an instance of a new fingerprint registration.

scope

array

Array of Scopes the OAuth key will allow. Go to Possible Scopes to learn more.

refresh_token

string

Refresh token associated with the user.

{
    "client_id": "589acd9ecb3cd400fa75ac06",
    "client_name": "SynapseFi",
    "expires_at": "1607975765",
    "expires_in": "7200",
    "oauth_key": "oauth_CA1PJ45ILl2kyhaKGbNgntDQHwe6EifOsvz807ZV",
    "refresh_expires_in": 9,
    "refresh_token": "refresh_ydA5vGjnbHh2SipakwIMJe0TUVmKg7Dt8rBC6N1R",
    "scope": [
        "USER|PATCH",
        "USER|GET",
        "NODES|POST",
        "NODES|GET",
        "NODE|GET",
        "NODE|PATCH",
        "NODE|DELETE",
        "TRANS|POST",
        "TRANS|GET",
        "TRAN|GET",
        "TRAN|PATCH",
        "TRAN|DELETE",
        "SUBNETS|POST",
        "SUBNETS|GET",
        "SUBNET|GET",
        "SUBNET|PATCH",
        "STATEMENTS|GET",
        "STATEMENT|GET",
        "STATEMENTS|POST",
        "CONVERSATIONS|POST",
        "CONVERSATIONS|GET",
        "CONVERSATION|GET",
        "CONVERSATION|PATCH",
        "MESSAGES|POST",
        "MESSAGES|GET"
    ],
    "user_id": "5faa6da8f8db933dac59bdc5"
}
{
    "error": {
        "en": "Fingerprint not registered. Please perform the MFA flow."
    },
    "error_code": "10",
    "http_code": "202",
    "phone_numbers": [
        "901.111.1111"
    ],
    "success": false
}
{
    "error_code": "10",
    "http_code": "202",
    "message": {
        "en": "MFA sent to 901.942.8167."
    },
    "success": true
}
{
    "error": {
        "code": "invalid_fingerprint",
        "en": "Fingerprint not registered."
    },
    "error_code": "300",
    "http_code": "401",
    "success": false
}

Example Request

POST /v3.1/oauth/5faa6da8f8db933dac59bdc5 HTTP/1.1
Host: uat-api.synapsefi.com
X-SP-GATEWAY: client_id_2bb1e412edd311e6bd04e285d6015267|client_secret_6zZVr8biuqGkyo9IxMO5jY2QlSp0nmD4EBAgKcJW
X-SP-USER-IP: 255.127.79.76
X-SP-USER: |e83cf6ddcf778e37bfe3d48fc78a6502062fc
Content-Type: application/json

{
  "refresh_token": "refresh_ydA5vGjnbHh2SipakwIMJe0TUVmKg7Dt8rBC6N1R",
  "scope": [
    "USER|PATCH",
    "USER|GET",
    "NODES|POST",
    "NODES|GET",
    "NODE|GET",
    "NODE|PATCH",
    "NODE|DELETE",
    "TRANS|POST",
    "TRANS|GET",
    "TRAN|GET",
    "TRAN|PATCH",
    "TRAN|DELETE",
    "SUBNETS|POST",
    "SUBNETS|GET",
    "SUBNET|GET",
    "SUBNET|PATCH",
    "STATEMENTS|GET",
    "STATEMENT|GET",
    "STATEMENTS|POST",
    "CONVERSATIONS|POST",
    "CONVERSATIONS|GET",
    "CONVERSATION|GET",
    "CONVERSATION|PATCH",
    "MESSAGES|POST",
    "MESSAGES|GET"
  ]
}
curl --location --request POST 'https://uat-api.synapsefi.com/v3.1/oauth/5faa6da8f8db933dac59bdc5' \
--header 'X-SP-GATEWAY: client_id_2bb1e412edd311e6bd04e285d6015267|client_secret_6zZVr8biuqGkyo9IxMO5jY2QlSp0nmD4EBAgKcJW' \
--header 'X-SP-USER-IP: 255.127.79.76' \
--header 'X-SP-USER: |e83cf6ddcf778e37bfe3d48fc78a6502062fc' \
--header 'Content-Type: application/json' \
--data-raw '{
    "refresh_token":"refresh_ydA5vGjnbHh2SipakwIMJe0TUVmKg7Dt8rBC6N1R",
    "scope":[
        "USER|PATCH",
        "USER|GET",
        "NODES|POST",
        "NODES|GET",
        "NODE|GET",
        "NODE|PATCH",
        "NODE|DELETE",
        "TRANS|POST",
        "TRANS|GET",
        "TRAN|GET",
        "TRAN|PATCH",
        "TRAN|DELETE",
        "SUBNETS|POST",
        "SUBNETS|GET",
        "SUBNET|GET",
        "SUBNET|PATCH",
        "STATEMENTS|GET",
        "STATEMENT|GET",
        "STATEMENTS|POST",
        "CONVERSATIONS|POST",
        "CONVERSATIONS|GET",
        "CONVERSATION|GET",
        "CONVERSATION|PATCH",
        "MESSAGES|POST",
        "MESSAGES|GET"
    ]
}'

PreviousOAuth Object DetailsNextGenerate Refresh Token

Last updated 2 years ago

Was this helpful?

Scopes denote which API calls and actions the OAuth key is allowed to do. This field is worth customizing if you will be sending the OAuth key to the client device for certain actions reducing the damage a attack can do.

Setting to true prevents a fingerprint from being removed once the is reached.

man-in-the-middle
fingerprint array capacity limit