Bankei BaaS Admin

    Secure API Credential Exchange Process

    This document outlines the secure process for exchanging API credentials. To ensure the confidentiality of your credentials, we will use a public-key encryption method. This process involves you, the client, generating a key pair and sharing the public key with us. We will then use this public key to encrypt your credentials before sending them to you.
    Please follow the steps below carefully.

    Step 1: Client-Side Key Generation

    First, you will need to generate a private and a public key pair on your system. The private key must be kept secret and secure, as it will be used to decrypt your credentials. The public key is what you will send to us.
    You can generate the key pair using the following openssl commands in your terminal:
    1. Generate a 2048-bit RSA private key:
    This command creates a file named private.pem containing your private key.
    2. Extract the public key from the private key:
    This command creates a file named public.pem from your private key file.
    After executing these commands, you will have two files: private.pem (your secret private key) and public.pem (your shareable public key).
    Action Required: Please send the public.pem file to us.
    Do NOT send the private.pem file to us.

    Step 2: Provider-Side Credential Encryption

    Once we receive your public.pem file, we will use it to encrypt your unique API credentials. This ensures that only you, the holder of the corresponding private key, can view them.
    We will then send the encrypted file, api-credentials.txt.enc, to you.

    Step 3: Client-Side Credential Decryption

    Upon receiving the api-credentials.txt.enc file from us, you will use your private key (private.pem) to decrypt it and reveal your API credentials.
    1. Decrypt the credentials using your private key:
    2. View your credentials:
    The output of this command will display your decrypted API key and secret, which will look something like this:
    Api key: 01K0T1ZF9DK1C7PEBXMQBH52Q7
    Api secret: yfV715HYxt6IZw1fRfK1rdOEG/+EibKJ38q7lvof/6I=
    Org Id: 0198341f-dcaa-7d67-ba8f-61d917156bf9
    Account Id: 0198341f-f1a3-78e0-9f80-7011662a4c2e
    Important: Once you have decrypted your credentials, you must store them in a secure location within your system or application. Treat your api-key and api-secret as you would any password. Also, ensure that your private.pem file is stored securely and is not publicly accessible, as anyone with access to it can decrypt your credentials.
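
    The three steps above as one runnable round trip, with a pre-send check that the file being shared is not the private key (an added example, not Bankei's own commands). It assumes RSA-OAEP via `openssl pkeyutl`, since the page does not show the provider's encryption command; the function names, plain.txt and the credential values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: RSA-OAEP through `openssl pkeyutl`; the page does
# not show the provider's actual encryption command or padding mode.
umask 077   # key and plaintext files are created owner-only

# Step 1: 2048-bit RSA private key, then the public key derived from it.
gen_keypair() {   # $1 = working directory
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# Pre-send check: must be a public key and contain no private key block.
is_public_key() {
    grep -q -- '-----BEGIN PUBLIC KEY-----' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# True when group and others have no permission bits on the file.
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Step 2 (provider side, simulated): direct RSA encryption only fits short
# inputs, about 214 bytes with a 2048-bit key and default OAEP.
encrypt_for() {   # $1 = public key, $2 = plaintext file, $3 = output
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Step 3: decrypt with the private key that never left the client.
decrypt_with() {  # $1 = private key, $2 = encrypted file, $3 = output
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

round_trip() {    # prints the decrypted text; values below are constructed
    d=$(mktemp -d) || return 1
    printf 'Api key: EXAMPLE-KEY\nApi secret: EXAMPLE-SECRET\n' > "$d/plain.txt"
    gen_keypair "$d" && is_public_key "$d/public.pem" &&
    is_owner_only "$d/private.pem" &&
    encrypt_for "$d/public.pem" "$d/plain.txt" "$d/api-credentials.txt.enc" &&
    decrypt_with "$d/private.pem" "$d/api-credentials.txt.enc" "$d/api-credentials.txt" &&
    cat "$d/api-credentials.txt"
    rc=$?; rm -rf "$d"; return $rc
}

round_trip
```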
    Modified at 2025-07-22 21:56:20