{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-@l10n/en-US/apis/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["code-group"]},"type":"markdown"},"seo":{"title":"Authentication","description":"Documentação oficial da API da plataforma de crédito embarcado Dinie. Integre produtos de crédito diretamente na sua aplicação.","siteUrl":"https://docs.dinie.com","lang":"pt-BR","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authentication","__idx":0},"children":["Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Dinie API uses ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["OAuth2 Client Credentials"]}," for authentication. You exchange your API credentials for a short-lived access token and include that token in all requests."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"img","attributes":{"src":"/assets/authentication-flow.2ebb7cebdf93d91a574051410895e4a8b21540b1c2887c001114e6473ef853b4.047687d6.svg","alt":"Authentication flow"},"children":[]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"overview","__idx":1},"children":["Overview"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Your server sends credentials to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v3/auth/token"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Dinie returns a short-lived JWT access token"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Include the token as a Bearer header in all subsequent requests"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"obtaining-a-token","__idx":2},"children":["Obtaining a Token"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Send a ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST"]}," request with your ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}," and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}," via HTTP Basic Authentication:"]},{"$$mdtype":"Tag","name":"CodeGroup","attributes":{"mode":"tabs"},"children":[{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"typescript","data-title":"Node.js","header":{"title":"Node.js","controls":{"copy":{}}},"source":"import Dinie from \"dinie\";\n\n// The SDK exchanges credentials and caches the token automatically.\nconst dinie = new Dinie({\n  clientId: process.env.DINIE_CLIENT_ID,\n  clientSecret: process.env.DINIE_CLIENT_SECRET,\n  environment: \"sandbox\",\n});\n","lang":"typescript"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"ruby","data-title":"Ruby","header":{"title":"Ruby","controls":{"copy":{}}},"source":"require \"dinie\"\n\n# The SDK exchanges credentials and caches the token automatically.\ndinie = Dinie::Client.new(\n  client_id: ENV[\"DINIE_CLIENT_ID\"],\n  client_secret: ENV[\"DINIE_CLIENT_SECRET\"],\n  environment: \"sandbox\"\n)\n","lang":"ruby"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"python","data-title":"Python","header":{"title":"Python","controls":{"copy":{}}},"source":"from dinie import Dinie\n\n# The SDK exchanges credentials and caches the token automatically.\ndinie = Dinie(\n    client_id=os.environ[\"DINIE_CLIENT_ID\"],\n    client_secret=os.environ[\"DINIE_CLIENT_SECRET\"],\n    environment=\"sandbox\",\n)\n","lang":"python"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","data-title":"cURL","header":{"title":"cURL","controls":{"copy":{}}},"source":"curl -X POST https://sandbox.api.dinie.com.br/v3/auth/token \\\n  -u \"dinie_ci_your_client_id:dinie_cs_live_your_client_secret\" \\\n  -H \"Content-Type: application/x-www-form-urlencoded\" \\\n  -d \"grant_type=client_credentials\"\n","lang":"bash"},"children":[]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"response","__idx":3},"children":["Response"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n  \"access_token\": \"dinie_at_...\",\n  \"token_type\": \"bearer\",\n  \"expires_in\": 3600\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Field"},"children":["Field"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["access_token"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["JWT token prefixed with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["dinie_at_"]},". Use as a Bearer token."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["token_type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Always ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["bearer"]},"."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["expires_in"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Token lifetime in seconds (3600 = 1 hour)."]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"using-bearer-tokens","__idx":4},"children":["Using Bearer Tokens"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Include the token in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization"]}," header of each API request:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"Authorization: Bearer dinie_at_...\n","lang":"bash"},"children":[]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Warning:"]}," Never include credentials or tokens in URLs or query parameters. Always use the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization"]}," header."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"token-expiration-and-renewal","__idx":5},"children":["Token Expiration and Renewal"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Tokens expire after ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["1 hour"]}," (3600 seconds). When a token expires, the API returns a ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["401"]}," error:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n  \"type\": \"https://docs.dinie.com/errors/authentication-failed\",\n  \"title\": \"Authentication Failed\",\n  \"status\": 401,\n  \"detail\": \"Bearer token has expired.\",\n  \"code\": \"token_expired\"\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To handle expiration:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Proactive renewal"]}," -- track the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["expires_in"]}," and request a new token before it expires (e.g., at 80% of TTL)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reactive renewal"]}," -- catch ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["401"]}," responses with the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["token_expired"]}," code, request a new token, and resend the request"]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Tip:"]}," The SDKs manage token renewal automatically. They request a new token before the current one expires and transparently resend failed requests."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"automatic-sdk-authentication","__idx":6},"children":["Automatic SDK Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["When you initialize the SDK with your credentials, it manages the entire token lifecycle:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Exchanges credentials for a token on the first API call"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Caches the token in memory"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Renews the token before expiration"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Resends requests that failed due to expired tokens"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You never need to call the token endpoint directly when using an SDK."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"authentication-errors","__idx":7},"children":["Authentication Errors"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Status"},"children":["Status"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Code"},"children":["Code"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["400"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["missing_grant_type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Missing ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["grant_type"]}," parameter"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["400"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["unsupported_grant_type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["grant_type"]}," is not ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_credentials"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["400"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["missing_authorization"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Missing ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization"]}," header"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["400"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["invalid_content_type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Content-Type"]}," header is not ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["application/x-www-form-urlencoded"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["401"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["invalid_client"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}," does not exist"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["401"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["invalid_client_secret"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}," does not match"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["401"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["credential_revoked"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Credential has been revoked"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["401"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["credential_expired"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Credential is past its expiration date"]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"security-best-practices","__idx":8},"children":["Security Best Practices"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Store secrets securely"]}," -- use environment variables or a secret manager. Never commit credentials to version control."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Use server-side calls only"]}," -- never expose your ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}," in frontend code, mobile apps, or client-side JavaScript."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Rotate credentials regularly"]}," -- create a new credential, update your integration, then revoke the old one. See the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"#credential-management"},"children":["Credential Management"]}," section below."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Separate credentials by environment"]}," -- use different credentials for sandbox and production."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Monitor usage"]}," -- check the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["last_used_at"]}," field on your credentials to detect unauthorized use."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"credential-management","__idx":9},"children":["Credential Management"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Partners can have ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["multiple active API credentials"]}," simultaneously. This enables credential rotation without downtime -- create a new credential, update your integration, then revoke the old one."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"creating-new-credentials","__idx":10},"children":["Creating New Credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Create a new API key with a human-readable name and an optional expiration date."]},{"$$mdtype":"Tag","name":"CodeGroup","attributes":{"mode":"tabs"},"children":[{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"typescript","data-title":"Node.js","header":{"title":"Node.js","controls":{"copy":{}}},"source":"const credential = await dinie.auth.credentials.create({\n  name: \"Production Key\",\n  expires_at: 1804118400,\n});\n\n// Store credential.client_secret securely -- it is shown only once.\nconsole.log(credential.client_id);\nconsole.log(credential.client_secret);\n","lang":"typescript"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"ruby","data-title":"Ruby","header":{"title":"Ruby","controls":{"copy":{}}},"source":"credential = dinie.auth.credentials.create(\n  name: \"Production Key\",\n  expires_at: 1804118400\n)\n\n# Store credential.client_secret securely -- it is shown only once.\nputs credential.client_id\nputs credential.client_secret\n","lang":"ruby"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"python","data-title":"Python","header":{"title":"Python","controls":{"copy":{}}},"source":"credential = dinie.auth.credentials.create(\n    name=\"Production Key\",\n    expires_at=1804118400,\n)\n\n# Store credential.client_secret securely -- it is shown only once.\nprint(credential.client_id)\nprint(credential.client_secret)\n","lang":"python"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","data-title":"cURL","header":{"title":"cURL","controls":{"copy":{}}},"source":"curl -X POST https://sandbox.api.dinie.com.br/v3/auth/credentials \\\n  -H \"Authorization: Bearer dinie_at_...\" \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Idempotency-Key: create-prod-key-2026\" \\\n  -d '{\n    \"name\": \"Production Key\",\n    \"expires_at\": 1804118400\n  }'\n","lang":"bash"},"children":[]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"response-1","__idx":11},"children":["Response"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n  \"id\": \"dinie_ci_550e8400e29b41d4a716446655440000\",\n  \"client_id\": \"dinie_ci_550e8400e29b41d4a716446655440000\",\n  \"client_secret\": \"dinie_cs_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n  \"name\": \"Production Key\",\n  \"status\": \"active\",\n  \"expires_at\": 1804118400,\n  \"created_at\": 1709546400,\n  \"updated_at\": 1709546400,\n  \"last_used_at\": null\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Warning:"]}," The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}," is ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["returned only once"]}," at creation time. Store it immediately in your secret manager. It cannot be retrieved again."]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Field"},"children":["Field"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Required"},"children":["Required"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["name"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Human-readable label for this key (e.g., \"Production Key\", \"Staging Key\")"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["expires_at"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["No"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Optional expiration date (Unix epoch, seconds). ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["null"]}," means the credential never expires."]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"listing-credentials","__idx":12},"children":["Listing Credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Retrieve all credentials for your account. Secrets are never included in list responses."]},{"$$mdtype":"Tag","name":"CodeGroup","attributes":{"mode":"tabs"},"children":[{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"typescript","data-title":"Node.js","header":{"title":"Node.js","controls":{"copy":{}}},"source":"const credentials = await dinie.auth.credentials.list();\n\nfor (const cred of credentials.data) {\n  console.log(cred.name, cred.status, cred.last_used_at);\n}\n","lang":"typescript"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"ruby","data-title":"Ruby","header":{"title":"Ruby","controls":{"copy":{}}},"source":"credentials = dinie.auth.credentials.list\n\ncredentials.data.each do |cred|\n  puts \"#{cred.name} #{cred.status} #{cred.last_used_at}\"\nend\n","lang":"ruby"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"python","data-title":"Python","header":{"title":"Python","controls":{"copy":{}}},"source":"credentials = dinie.auth.credentials.list()\n\nfor cred in credentials.data:\n    print(cred.name, cred.status, cred.last_used_at)\n","lang":"python"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","data-title":"cURL","header":{"title":"cURL","controls":{"copy":{}}},"source":"curl https://sandbox.api.dinie.com.br/v3/auth/credentials \\\n  -H \"Authorization: Bearer dinie_at_...\"\n","lang":"bash"},"children":[]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"list-response","__idx":13},"children":["List Response"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n  \"data\": [\n    {\n      \"id\": \"dinie_ci_550e8400e29b41d4a716446655440000\",\n      \"client_id\": \"dinie_ci_550e8400e29b41d4a716446655440000\",\n      \"name\": \"Production Key\",\n      \"status\": \"active\",\n      \"expires_at\": 1804118400,\n      \"created_at\": 1709287200,\n      \"updated_at\": 1709287200,\n      \"last_used_at\": 1709544600\n    }\n  ],\n  \"has_more\": false\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"revoking-credentials","__idx":14},"children":["Revoking Credentials"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Revoke a credential by ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]},". Revocation takes effect immediately -- no new tokens can be issued with this credential. Already-issued tokens continue working until they expire (up to 1 hour)."]},{"$$mdtype":"Tag","name":"CodeGroup","attributes":{"mode":"tabs"},"children":[{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"typescript","data-title":"Node.js","header":{"title":"Node.js","controls":{"copy":{}}},"source":"await dinie.auth.credentials.del(\"dinie_ci_550e8400e29b41d4a716446655440000\");\n","lang":"typescript"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"ruby","data-title":"Ruby","header":{"title":"Ruby","controls":{"copy":{}}},"source":"dinie.auth.credentials.delete(\"dinie_ci_550e8400e29b41d4a716446655440000\")\n","lang":"ruby"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"python","data-title":"Python","header":{"title":"Python","controls":{"copy":{}}},"source":"dinie.auth.credentials.delete(\"dinie_ci_550e8400e29b41d4a716446655440000\")\n","lang":"python"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","data-title":"cURL","header":{"title":"cURL","controls":{"copy":{}}},"source":"curl -X DELETE https://sandbox.api.dinie.com.br/v3/auth/credentials/dinie_ci_550e8400e29b41d4a716446655440000 \\\n  -H \"Authorization: Bearer dinie_at_...\"\n","lang":"bash"},"children":[]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The response is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["204 No Content"]}," with an empty body."]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Info:"]}," You cannot revoke your ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["last active credential"]},". A partner must always have at least one active credential. Attempting to revoke the last one returns a ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["409 Conflict"]}," with code ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["last_active_credential"]},"."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"rotation-best-practices","__idx":15},"children":["Rotation Best Practices"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Follow this process for zero-downtime credential rotation:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create a new credential"]}," with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v3/auth/credentials"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Update your integration"]}," to use the new ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_id"]}," and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["client_secret"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Verify the new credential works"]}," by requesting a token with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v3/auth/token"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Revoke the old credential"]}," with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["DELETE /v3/auth/credentials/{old_client_id}"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["During steps 1--4, ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["all active credentials work simultaneously"]},". There is no authentication downtime."]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Tip:"]}," Set an ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["expires_at"]}," on credentials as a safety net. Even if you forget to revoke an old credential, it will stop working after the expiration date."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"recommended-rotation-frequency","__idx":16},"children":["Recommended Rotation Frequency"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Environment"},"children":["Environment"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Rotation Frequency"},"children":["Rotation Frequency"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Production"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Every 90 days"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Staging"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Every 30 days or on demand"]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Monitor the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["last_used_at"]}," field to detect credentials that are no longer in use and should be revoked."]}]},"headings":[{"value":"Authentication","id":"authentication","depth":1},{"value":"Overview","id":"overview","depth":2},{"value":"Obtaining a Token","id":"obtaining-a-token","depth":2},{"value":"Response","id":"response","depth":3},{"value":"Using Bearer Tokens","id":"using-bearer-tokens","depth":2},{"value":"Token Expiration and Renewal","id":"token-expiration-and-renewal","depth":2},{"value":"Automatic SDK Authentication","id":"automatic-sdk-authentication","depth":2},{"value":"Authentication Errors","id":"authentication-errors","depth":2},{"value":"Security Best Practices","id":"security-best-practices","depth":2},{"value":"Credential Management","id":"credential-management","depth":1},{"value":"Creating New Credentials","id":"creating-new-credentials","depth":2},{"value":"Response","id":"response-1","depth":3},{"value":"Listing Credentials","id":"listing-credentials","depth":2},{"value":"List Response","id":"list-response","depth":3},{"value":"Revoking Credentials","id":"revoking-credentials","depth":2},{"value":"Rotation Best Practices","id":"rotation-best-practices","depth":2},{"value":"Recommended Rotation Frequency","id":"recommended-rotation-frequency","depth":3}],"frontmatter":{"seo":{"title":"Authentication"}},"lastModified":"2026-03-19T21:33:27.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/en-us/apis/concepts/authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}