Resources available in API are secured, which means that each request must be authorized and include access_token in request header.

To obtain authorization token, end user must grant application permission to use his data.

In order to make this process as easy as possible, API supports OAuth 2.0 protocol.

Existing implementation supports authorization code and resource owner password credentials grant types. Client credentials are available only for registered applications.

Entry requirements

Each API authorization request must consists of:

  1. Active user account credentials (TransId and password)
  2. Valid client credentials (client_id and client_secret)
  3. Registered redirect_uri
  4. Api-key in request header

To obtain client credentials and Api-key, please fill out the application registration form available here.

User account can be created using company registration form.

Example of authorization flow

Description of a sample authorization flow with required and received data:

  1. Redirection to authorization server for user to post credentials directly to authentication form.
    1. Required parameters: response_type, client_id, redirect_uri
    2. Response: code
  2. Return to the address given as redirect_uri with additional code parameter
  3. Code has to be sent back to authorization server from the same as redirect_uri location and using the same client_id
    1. Required parameters: code, client_id, client_secret
    2. Response: access_token, refresh_token
  4. Retrieving access_token (valid for 6 hours) and refresh_token
  5. Request header consists of valid access_token
  6. Before access_token expires, it is possible to retrieve new pair of tokens without user involvement, using refresh_token.


For authorization process it is required for users to provide credentials by themselves. It is also very important to give the possibility to authorize each individual user separately.