
Overview

The Venly Fundflow API uses the OAuth2 client credentials flow. All API requests require a bearer token in the Authorization header.

Get an Access Token

Send a POST request to the token endpoint for your environment:
| Environment | Endpoint |
| --- | --- |
| Sandbox | POST https://login-sandbox.venly.io/auth/realms/VenlyFinance/protocol/openid-connect/token |
| Production | POST https://login.venly.io/auth/realms/VenlyFinance/protocol/openid-connect/token |

Request Body

| Parameter | Value |
| --- | --- |
| grant_type | client_credentials |
| client_id | Your client ID |
| client_secret | Your client secret |

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsIn......",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "scope": "email profile"
}
The response includes an access_token valid for 5 minutes (300 seconds). Once expired, repeat the call above to get a new one.

Use the Token

Pass the access_token as a bearer token in the Authorization header of every API call:
curl -X GET https://api-fundflow.venly.io/v1/company \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Best Practices

  • Never expose client secrets in client-side code, logs, or version control.
  • Store credentials in environment variables or a secrets manager.
  • Implement auto-refresh logic to request a new token before the current one expires.
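
An added example, not Venly's own code, combining the last two practices: the credentials are read from environment variables and the token is renewed shortly before its 300-second lifetime ends. The variable names VENLY_CLIENT_ID and VENLY_CLIENT_SECRET, the TokenCache class and the 30-second margin are assumptions; the endpoint is the sandbox URL from the table above.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Sandbox token endpoint from the table above; use the production URL when live.
TOKEN_URL = ("https://login-sandbox.venly.io/auth/realms/VenlyFinance"
             "/protocol/openid-connect/token")


def fetch_token():
    """POST the client-credentials grant; secrets come from the environment only."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": os.environ["VENLY_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["VENLY_CLIENT_SECRET"],  # assumed variable name
    }).encode()  # bytes body is sent as application/x-www-form-urlencoded
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches the access token and renews it `skew` seconds before it expires."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic, skew=30):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._refresh_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._refresh_at:
            body = self._fetch()
            if body.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            # Clamp at zero so a lifetime shorter than the margin still works.
            lifetime = max(int(body["expires_in"]) - self._skew, 0)
            self._token, self._refresh_at = body["access_token"], now + lifetime
        return self._token

    def auth_header(self):
        # Build the header on demand; do not log or persist its value.
        return {"Authorization": "Bearer " + self.get()}

    def __repr__(self):
        # Keep the token out of tracebacks and debug output.
        return f"<TokenCache refresh_at={self._refresh_at:.0f}>"
```

Create one TokenCache per process and pass auth_header() to each request, so a new token is requested only when the cached one is within the margin of expiring.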