Authentication
Fluentax uses the industry standard OAuth 2.0 protocol for authentication. All APIs require a valid access token to be present in the request authorization header.
Upon registration you will receive a dedicated service account with a client_id and client_secret pair. You must use these credentials to integrate your system with our APIs.
1. Acquire an access token
You must acquire your access token from the Fluentax Single Sign-on (SSO) token endpoint:
| Parameter | Value |
|---|---|
| grant_type | client_credentials |
| client_id | your client id |
| client_secret | your client secret |
| scope | the API scope e.g. fx_api |
curl https://sso.fluentax.com/auth/realms/fluentax/protocol/openid-connect/token \
-H "Content-Type: application/x-www-form-urlencoded"\
--data "grant_type=client_credentials"\
--data "client_id=<your client_id>"\
--data "client_secret=<your client_secret>"\
--data "scope=<your API scope>"
You must supply the parameters in application/x-www-form-urlencoded format.
If you are using a programming language that does not provide native support for this format, make sure to use the following parameters:
- HTTP method:
POST Content-Typeheader:application/x-www-form-urlencoded- Raw body:
grant_type=client_credentials&client_id=<your client_id in URL-encoded format>&client_secret=<your client_secret in URL-encoded format>&scope=fx_api
Response:
{
"access_token": "ey07NzjK3XUMx1wN2pig4gHA",
"expires_in": 300,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "fx_api"
}
Each access token is valid only for 5 minutes. After the access token expires, you must request a new access token. Refresh tokens are not supported for service accounts.
Tip: See the api-samples repository for a working sample application written in C# that demonstrates authentication.
You must ensure that your credentials are never exposed. DO NOT put your credentials in front-end code or anywhere else where they could be compromised. If you believe your credentials have been exposed, report it immediately and request a reset.
2. Access an API endpoint
When accessing an API endpoint, you must include the access_token from the token endpoint response in the request header.
Obtain AECB's bank details:
curl https://fx-api.fluentax.com/v1/banks/AECB \
-H "Authorization: Bearer <your access token>"
Response:
{
"id": "AECB",
"name": [
{
"languageCode": "en",
"name": "Central Bank of the UAE",
"abbreviatedName": "CBUAE"
},
{
"languageCode": "ar",
"name": "مصرف الإمارات العربية المتحدة المركزي",
"abbreviatedName": "CBUAE"
}
],
"dailyUpdateTime": "18:00:00",
"bankCurrency": "AED",
"countryCode": ["AE"],
"region": ["GCC"],
"timeZone": {
"windowsTimeZoneId": "Arabian Standard Time",
"ianaTimeZoneName": "Asia/Dubai"
},
"supportedFrequencies": ["Daily"],
"website": "https://www.centralbank.ae"
}