Security

Here you will find all the security guidelines to connect with Treeal's API.

OAuth 2.0 Credential Flow for Treeal APIs

We use the OAuth 2.0 protocol’s client credentials flow to secure access to our APIs. Obtaining your client_id and client_secret is essential, as they are key components for authenticating and authorizing requests to Treeal’s APIs. This guide outlines best practices for managing these credentials in your integration with Treeal APIs.

Credential Management
Proper credential management is crucial when accessing Treeal APIs. Below are important guidelines and steps to ensure secure and effective integration:

SSL/TLS Encryption: All communication with Treeal APIs is encrypted with SSL/TLS, which protects data in transit from interception.

Application Identification: To obtain an access token, submit a request to the token generation endpoint using your client_id and client_secret. This process authenticates your application with Treeal's authentication server.

Endpoint Access: All API endpoints require a valid access token for authorization. This token is obtained following successful authentication.

Access Token Usage: Once the access token is generated, you can use it to interact with Treeal’s APIs for up to 300 seconds (5 minutes) before it expires.

Token Renewal: Access tokens have a limited lifespan. To avoid disruptions in your application's operation, ensure tokens are refreshed before they expire.

Note: CashIn and CashOut tokens are different and require their own certificates.
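
The token usage, renewal and CashIn/CashOut points above can be handled by one small client-side cache. The following is an added example, not Treeal's own code: the `fetch` callable stands in for your HTTPS request to the token generation endpoint (its URL is not given on this page), and the 30-second renewal margin, the product keys and the file names are assumptions.

```python
import threading
import time
from dataclasses import dataclass

TOKEN_LIFETIME = 300  # seconds, the lifetime stated on this page
RENEW_MARGIN = 30     # assumption: renew this long before expiry

@dataclass(frozen=True)
class Credentials:      # load from a secret store, never from source code
    client_id: str
    client_secret: str
    cert_path: str      # each product (CashIn, CashOut) has its own certificate

class TokenCache:       # one cached token per product, renewed before expiry
    def __init__(self, fetch, creds_by_product, clock=time.monotonic):
        self._fetch = fetch              # fetch(creds) -> (token, expires_in)
        self._creds = dict(creds_by_product)
        self._clock = clock
        self._lock = threading.Lock()    # one renewal at a time across threads
        self._tokens = {}                # product -> (token, deadline)

    def get(self, product):
        creds = self._creds[product]     # KeyError on an unknown product
        with self._lock:
            now = self._clock()
            cached = self._tokens.get(product)
            if cached and now < cached[1] - RENEW_MARGIN:
                return cached[0]
            token, expires_in = self._fetch(creds)
            deadline = now + min(expires_in, TOKEN_LIFETIME)  # cap at documented maximum
            self._tokens[product] = (token, deadline)
            return token

def demo():
    now, calls = [0.0], []
    def fake_fetch(creds):               # constructed stand-in for the HTTPS call
        calls.append(creds.client_id)
        return f"{creds.client_id}-tok{len(calls)}", 300
    cache = TokenCache(fake_fetch, {
        "cashin": Credentials("in-id", "in-secret", "cashin.pem"),
        "cashout": Credentials("out-id", "out-secret", "cashout.pem"),
    }, clock=lambda: now[0])
    first = cache.get("cashin")          # fetched
    now[0] = 200.0
    reused = cache.get("cashin")         # still valid, served from cache
    other = cache.get("cashout")         # separate token for the other product
    now[0] = 275.0
    renewed = cache.get("cashin")        # inside the margin, fetched again
    return first, reused, other, renewed, calls
```

Keeping the cache keyed by product prevents a CashIn token from being sent to a CashOut endpoint, and holding tokens only in memory keeps them out of logs and disk.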