When being entitled isn't a bad thing
KeyBank sets up account entitlements to authenticate your identity and define the authorization rules for the APIs you need to access. These entitlements include API keys, access tokens, and KeyBank-assigned parameters.
Authentication vs. Authorization
Authentication and authorization sound similar and are sometimes used interchangeably, but each has a distinct meaning. It is possible to authenticate to an API that you are not authorized to use.
- Authentication: The process of verifying the identity of a user or application attempting to access an API (like your API keys).
- Authorization: Determines which APIs an authenticated user or application is allowed to access (like your access token).
API keys
An API key is a string of alphanumeric characters that identifies the user account making the call. The API keys grant you authorization to use the APIs. Without a valid API key, a call will not complete because the server only recognizes authorized users. KeyBank provides API keys for both application and client credentials. Secure application and client credentials are needed for the Non-Production test environment and the Production environment.
Application credentials
- consumer_key: The API key to access KeyBank APIs.
- consumer_secret: The password used with the consumer key to grant authorization to the client's resources from KeyBank.
Client credentials
- client_id: A public hex string that identifies your application, provided for each environment.
- client_secret: A private string known only by the application and the server. This is the application's own password. Always use the client ID with the client secret to keep the application secure.
Access tokens
KeyBank requires an OAuth 2.0 access token to authorize API calls. To make a call for a token, you must be completely onboarded as a KeyBank partner.
Obtaining access tokens
Copy and modify the cURL command template. Be sure to replace each placeholder in curly brackets, {{xxxx}}, with your specific information.
In the response, you get the following:
- access_token: Use this access token in the Authorization header when you call the API over a secure mTLS connection. The access token remains valid for 24 hours. If it expires, try the refresh token to receive a new access token and pass it in the API request.
- api_product_list: Provides a list of the API products you are authorized to use.
If you are unable to retrieve an access code, reassess your setup, review your API keys, and make sure you are properly connected to the environment before you try again.
cURL command template

```bash
curl -X POST --cert {{client.crt}} --key {{client.key}} --cacert {{ca.crt}} \
  '{{host}}/oauth/v1/token?scope=rs-read' \
  -H 'Authorization: Basic {{base64 encoded consumer key and secret}}' \
  -H 'Content-type: application/x-www-form-urlencoded' \
  -H 'Accept: application/json' \
  -d 'Id={{client id}}&Key={{client password}}&grant_type=client_credentials'
```
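The following is an added example, not KeyBank's own code. It builds the same token request as the cURL command template above, but as a curl config fed over stdin, so the consumer secret and client secret never appear in the process list or shell history. It assumes the Basic credential is the standard `consumer_key:consumer_secret` pair, base64 encoded, and that `{{host}}` includes the `https://` scheme; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not KeyBank code). Builds the token request as a curl config
# so secrets travel over stdin instead of appearing in argv or shell history.
# Assumption: the Basic credential is base64("consumer_key:consumer_secret"),
# the standard HTTP Basic form; the page only says "base64 encoded".

# printf avoids the trailing newline that `echo` would fold into the
# credential; tr removes the line wrapping base64 applies to long input.
basic_credential() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Args: host consumer_key consumer_secret client_id client_secret
# Assumption: host includes the scheme, as '{{host}}/oauth/...' implies.
token_request_config() {
  case $1 in
    https://*) ;;
    *) echo "refusing non-HTTPS host" >&2; return 1 ;;
  esac
  printf 'url = "%s/oauth/v1/token?scope=rs-read"\n' "$(cfg_escape "$1")"
  printf 'request = "POST"\n'
  printf 'header = "Authorization: Basic %s"\n' "$(basic_credential "$2" "$3")"
  printf 'header = "Content-type: application/x-www-form-urlencoded"\n'
  printf 'header = "Accept: application/json"\n'
  # data-urlencode percent-encodes the value, so '&' or '=' inside a
  # secret cannot split or add form fields.
  printf 'data-urlencode = "Id=%s"\n' "$(cfg_escape "$4")"
  printf 'data-urlencode = "Key=%s"\n' "$(cfg_escape "$5")"
  printf 'data = "grant_type=client_credentials"\n'
}

# Usage (certificate paths and variable names are placeholders):
#   token_request_config "$HOST" "$CONSUMER_KEY" "$CONSUMER_SECRET" \
#       "$CLIENT_ID" "$CLIENT_SECRET" |
#     curl --config - --cert client.crt --key client.key --cacert ca.crt
```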
KeyBank-assigned parameters
Some APIs have required request fields with KeyBank-provided values. All required request fields must be complete to be able to successfully submit a request.
Most of the required request values are environment specific, meaning that there are different values provided for different environments. The only exception is the ACH Origination API which can use the values provided for its required request fields in both environments.
API | Required parameter | Description |
---|---|---|
Account Validation API | | Secondary client ID provided for each environment. |
ACH Origination API | | Point (client) and collection application (account-specific) for API payload and objects. |
RTP Send Payment API | KeyClientId | A 32-character string that identifies you as the client. This is only required for POST requests to initiate or validate a payment. |
Wire Origination API | KeyClientId | |
Check Images API | | Username and password (NHID) shared via secure email. Use these credentials in the API payload, DefaultChecksRequest object. |