Introduction

Getting Started

You can learn required information to use the Fibabanka API’s from Fibabanka API Portal.

You can contact to us from Contact Us page to use the system. After completion the necessary authentication process, you can start consuming web services from API Gateway.

Client Certificate Creation Guide

To create a certificate, click the Certificates button in the Action dropdown menu in the App detail. The Certificates button will be active only in the 'Partially-Sandbox', 'Sandbox', 'Partially-Prod' and 'Prod' statuses of your App. You can perform your certificate transactions by reading the explanations on the opened modal.

Certificate Create Image

Using Client Certificate in Postman

To authenticate and securely communicate with our API, you will need to configure a client certificate in Postman. Follow the steps below to set it up based on the type of certificate file you downloaded.

  1. Download the client certificate file from our platform. The certificate may be presented in .p12 (PFX) format, containing both .crt and .key files or a .crt file alone in the renew case.
  2. Open Postman and navigate to Settings > Certificates.
  3. In the Client Certificates section, click Add Certificate.
  4. Enter the Host (https://sandbox-apigw.fibabanka.com.tr) that requires the certificate, and set the Port to 443.
  5. Depending on the type of certificate you have:
    • If you have a .p12 file, upload it in the PFX File field and enter your password in the relevant field.
    • If you have a .crt file, upload it in the CRT File field and also upload your existing .key file in the Key File field.
      • Extract Public Certificate and Private Key from .p12 file with openssl

      Extract Public Certificate

      openssl pkcs12 -in xxxx.p12 -passin pass:yyyy -out xxxx-public.crt -nokeys

      Extract Private Key

      openssl pkcs12 -in xxxx.p12 -passin pass:yyyy -out xxxx-private.key -nodes -nocerts
  6. Save the configuration.
Certificate Intro Image

Authorization Guide

Our services use Client Credentials grant for authentication & authorization according to OAuth2(tools.ietf.org/html/rfc6749#section-4.4) standards. You can use the client_id and client_secret information as below to get a bearer token valid for a certain period of time.

Sample Intro Image

Sample Curl:

curl -X POST --cert xxxx-public.crt --key xxxx-private.key https://sandbox-apigw.fibabanka.com.tr/v1/auth/oauth/token?grant_type=client_credentials --header "Authorization: Basic eW91ci1jbGllbnQtaWQ6eW91ci1jbGllbnQtc2VjcmV0"curl -X POST --cert-type P12 --cert xxxx.p12:password-here https://sandbox-apigw.fibabanka.com.tr/v1/auth/oauth/token?grant_type=client_credentials --header "Authorization: Basic eW91ci1jbGllbnQtaWQ6eW91ci1jbGllbnQtc2VjcmV0"

Sample Service Call

In order to call the service you are authorized to, you should put the access_token from the token service response to the Authorization header part of the service call as Bearer.

key: Authorization, value: Bearer {acces_token}

Sample Intro Image

Sample Curl:

curl –X POST --cert xxxx-public.crt --key xxxx-private.key https://sandbox-apigw.fibabanka.com.tr/v1/... --header “Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.....” --header “Content-Type: application/json” -d { ... } }curl –X POST --cert-type P12 --cert xxxx.p12:password-here https://sandbox-apigw.fibabanka.com.tr/v1/... --header “Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.....” --header “Content-Type: application/json” -d { ... } }

Services

Check out the Services to see how easy it is to use Banking as a Service.