# API keys

The API key is the code used to identify and authenticate your application. It also act as a unique identifier and provide a secret token for authentication purposes.

Permissions available:

The API key can be attached to one or more permissions.

Get all transaction details: A key with this permission can retrieve all company transaction details
Get all accounts: A key with this permission can retrieve all company account details
Create payments: A key with this permission can initiate payment(s). To authorise certain payments an additional manual approve/reject step may be required.

WARNING

Never allow third-party access to your account.

Intergiro’s business banking API is designed to provide you access to apps you’ve developed or you trust. Third parties asking for API access may be potential fraudsters.

# User permissions

API keys belong to the business account. Any account user with View API key permissions in the Customer Portal, can see all corporate API keys without any restrictions. Moreover, if the user has Renew and Delete API key permissions, they can renew and delete all the API keys of the corporation.

It is very important to provide API key management permissions solely to those users who will manage all keys on behalf of the company.

# Delete API keys

Only users granted the Create API key permission are eligible to generate new API keys. You can establish a customer role that includes this permission and extend invitations to other users within your account. Alternatively, any account administrators possess the permission to create API keys by default.

To create a new API key, first navigate to the Intergiro business account (opens new window) page. If your user has Create API key permissions, the button named + Create new key will show up on the top right corner of the page. If there is no Create button available on the API page, please contact your company administrator to check your user permissions.

If the user has this permission: To create a new API key, click on the Create button and follow the detailed instructions provided. You will be asked to select a set of roles to be assigned to the key.

After the key is successfully created, you will see the plaintext secret key on the screen.

WARNING

Please note that the API key will be displayed only once. Ensure you copy and securely store the key. For security reasons, the key is not stored on the Intergiro platform.

# API key life time

For security reasons, the key has a 90 day functionality period before it is frozen and needs to be renewed. API keys can be renewed from Intergiro Customer Portal after or even before the key is frozen.

In addition, the Customer Portal shows notifications for all keys that have 14 or fewer days left before being frozen.

To renew the key, click the Renew access button shown near each key. If the request is successful, the key will be updated and an additional 90 days will be granted to the key. To see the Renew access button the user needs to have the appropriate Renew API key permissions.

# Delete API keys

2d API keys can be easily deleted. This will immediately revoke access and any connection to the key will cease to function. This gives an opportunity to delete the keys in case they have been stolen or are no longer needed.

To delete the API key, click on the Delete button shown near each key. If the request is successful, the key will be removed from the list and access will be immediately revoked. To see the Delete button, the user needs to have an appropriate Delete API key permissions.

# Recommendations

Do not give Create 2d API key permissions to all users. Only limited users such as admins should be granted this powerful permission. Users with Create API key permissions can create a new key by assigning all possible roles, thus making all company data easily accessible via API key.

← Intro Authentication →