API Only

6min
1. Generate Your Credentials
As a first step, please contact Klavi business personnel([email protected]) to create Sandbox environment API credentials for you. These will give you access to Klavi Sandbox environment WhiteLabel/APIs and test financial institutions until you are ready to upgrade to a paid plan with live financial institutions and real customers.
Regardless of the environment, please ensure the security of this credentials, which means that the backend must be saved.
2. Welcome Your First Customer
Follow the 4 steps below to create a test customer and share some test accounts with Open finance.
You should use the backend system to create an accessToken.
Command:
Shell
curl --location 'https://api-sandbox.klavi.ai/data/v1/auth' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"accessKey":"string","secretKey":"string"}'
curl --location 'https://api-sandbox.klavi.ai/data/v1/auth' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"accessKey":"string","secretKey":"string"}'
﻿
Expected response:
JSON
{
    "accessToken": "JhbGciOiJFUzI1NiIs.QtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.nlTqpAZHeq4P2xFD",
    "expireIn": 1800
}
{
    "accessToken": "JhbGciOiJFUzI1NiIs.QtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.nlTqpAZHeq4P2xFD",
    "expireIn": 1800
}
﻿
If you need to keep a valid accessToken in the backend system at all times, please use the refresh endpoint to refresh or call the auth endpoint again to apply for a new accessToken before the accessToken reaches its expiration.
Create a Link using the accessToken generated earlier.
Command:
Shell

curl --location 'https://api-sandbox.klavi.ai/data/v1/links' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"personalTaxId":"string","businessTaxId":"string","email":"string","phone":"string","redirectURL":"string","productsCallbackURL":"Object","externalInfo":"Object"}'

curl --location 'https://api-sandbox.klavi.ai/data/v1/links' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"personalTaxId":"string","businessTaxId":"string","email":"string","phone":"string","redirectURL":"string","productsCallbackURL":"Object","externalInfo":"Object"}'
﻿
Expected response:
JSON
{
    "linkId": "4437b139-8a16-11ee-b636-487b6bad036a",
    "linkURL": "https://open-sandbox.klavi.ai/path?v=AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD",
    "linkToken": "AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD",
    "expireIn": 1800
}
{
    "linkId": "4437b139-8a16-11ee-b636-487b6bad036a",
    "linkURL": "https://open-sandbox.klavi.ai/path?v=AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD",
    "linkToken": "AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD",
    "expireIn": 1800
}
﻿
You should notice that using this endpoint has generated another linkToken, yes, these are two different tokens.
accessToken: You can assume that this is the token used by your backend system
linkToken: You can assume that this is the token used by the linkURL generated by this endpoint, and its lifecycle is the lifecycle of the LinkId and LinkURL.
Obtain a list of participants using the linkToken generated earlier, which needs to be loaded into the page of your developed application for end users to choose the institution to which they want to share their account data. This list includes participants in the Brazilian Central Bank's Open finance and passive participants in the Open data supported by Klavi.
Command:
Shell
curl --location --request GET 'https://api-sandbox.klavi.ai/data/v1/links/institutions' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD'
curl --location --request GET 'https://api-sandbox.klavi.ai/data/v1/links/institutions' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD'
﻿
Expected response:
JSON
[
    {
        "institutionCode":"261",
        "name":"Itau",
        "avatar":"https://avatarcredigo.s3.sa-east-1.amazonaws.com/banklogo/4d9277e5-6d8b-11ee-8c78-0a8b9f03afaa_of_itau.svg",
        "isOutage":false,
        "institutionType":1,
        "businessType":"LEGAL",
        "availableResources":[
            "REGISTRATION",
            "ACCOUNTS"
        ]
    },
    {
        "institutionCode":"260",
        "name":"Nubank",
        "avatar":"https://avatarcredigo.s3.sa-east-1.amazonaws.com/banklogo/4d9277e5-6d8b-11ee-8c78-0a8b9f03afaa_of_nubank.svg",
        "isOutage":false,
        "institutionType":1,
        "businessType":"LEGAL",
        "availableResources":[
            "REGISTRATION",
            "ACCOUNTS"
        ]
    }
]
[
    {
        "institutionCode":"261",
        "name":"Itau",
        "avatar":"https://avatarcredigo.s3.sa-east-1.amazonaws.com/banklogo/4d9277e5-6d8b-11ee-8c78-0a8b9f03afaa_of_itau.svg",
        "isOutage":false,
        "institutionType":1,
        "businessType":"LEGAL",
        "availableResources":[
            "REGISTRATION",
            "ACCOUNTS"
        ]
    },
    {
        "institutionCode":"260",
        "name":"Nubank",
        "avatar":"https://avatarcredigo.s3.sa-east-1.amazonaws.com/banklogo/4d9277e5-6d8b-11ee-8c78-0a8b9f03afaa_of_nubank.svg",
        "isOutage":false,
        "institutionType":1,
        "businessType":"LEGAL",
        "availableResources":[
            "REGISTRATION",
            "ACCOUNTS"
        ]
    }
]
﻿
In API-Only integration mode, only linkToken is useful to you, and you don't need to pay attention to linkURL because it is used by WhiteLabel.
Create a consent using the linkToken generated earlier.
Command:
Shell
curl --location --request POST 'https://api-sandbox.klavi.ai/data/v1/consents' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD' \
--data-raw '{"externalTrackId":"string","personalTaxId":"string","businessTaxId":"string","institutionCode":"string","redirectURL":"string","phone":"string","email":"string"}'
curl --location --request POST 'https://api-sandbox.klavi.ai/data/v1/consents' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer AhbGciOiJFUzI1NiIs.CtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.UlTqpAZHeq4P2xFD' \
--data-raw '{"externalTrackId":"string","personalTaxId":"string","businessTaxId":"string","institutionCode":"string","redirectURL":"string","phone":"string","email":"string"}'
﻿
Expected response:
JSON
{
    "consentId": "0325412e-e566-4f4e-ac5b-2f4471586b88",
    "consentRedirectURL": "https://auth.mockbank.poc.raidiam.io/auth?client_id=_uWJuSDGCWFQuNoKrJP0o&scope=openid%20consent%3Aurn%3Araidiambank%3A76bfad6b",
    "expireAt": "2024-11-21T23:59:59.999Z"
}
{
    "consentId": "0325412e-e566-4f4e-ac5b-2f4471586b88",
    "consentRedirectURL": "https://auth.mockbank.poc.raidiam.io/auth?client_id=_uWJuSDGCWFQuNoKrJP0o&scope=openid%20consent%3Aurn%3Araidiambank%3A76bfad6b",
    "expireAt": "2024-11-21T23:59:59.999Z"
}
﻿
When your application requests the consentRedirectURL, the browser or App will redirect to the previously selected institution related web page or app (depending on how the user uses your application) for authorization.
You can record the consentId in the backend and update the user's latest data according to your business requirements (of course, this requires that the consentId has not expired or has been revoked by the user from other channels)
Klavi will also send you relevant consent information and status through the event webhook.
3. Fetch Product Data
You can use the consentId to poll the consents endpoint to obtain the status of this consentId. When the status of the consentId change to  AUTHORISED (it is better to wait for the event through webhook, and after the status change to AUTHORISED, Klavi backend will send you the results, even if it is a failed state), you can send the specific report generation request you want based on the end user type(personal or business, their endpoints are different).
Command:
Shell
curl --location 'https://api-sandbox.klavi.ai/data/personal/institution-data' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer JhbGciOiJFUzI1NiIs.QtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.nlTqpAZHeq4P2xFD' \
--data '{"taxId":"string","institutionId":"string","linkId":"String","consentId":"Array","products":"Array","productsCallbackURL":"Object"}'
curl --location 'https://api-sandbox.klavi.ai/data/personal/institution-data' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer JhbGciOiJFUzI1NiIs.QtYjAyOC1hN2ZhMWFjZGRjZjkiLCJ0.nlTqpAZHeq4P2xFD' \
--data '{"taxId":"string","institutionId":"string","linkId":"String","consentId":"Array","products":"Array","productsCallbackURL":"Object"}'
﻿
Expected response:
JSON
{
    "requestId": "1325412e-e566-4f4e-ac5b-2f4471586b89",
    "message": "ok"
}
{
    "requestId": "1325412e-e566-4f4e-ac5b-2f4471586b89",
    "message": "ok"
}
﻿
After you submit a request to generate specific or all report(The report you want to purchase has already been limited by Klavi backend), Klavi randomly starts retrieving data from the institution and processing it to generate the corresponding report, which will be sent to you through the report webhook.
Klavi also supports not having to actively call this endpoint. After you go online, you can proactively send all the reports you need through the report webhook after authorization is completed, or send them to Klavi's storage space. You can download them at any time through the Klavi Console.
﻿
Updated 29 Sep 2024
Did this page help you?
Advance WhiteLabel
API Call Sequence Diagram
API Only

1. Generate Your Credentials

2. Welcome Your First Customer

Step 1. Create Access Token

Step 2. Create a Link

Step 3. Get Institution List

Step 4. Create a Consent

3. Fetch Product Data
