Skip to content

Adfin API (1.0.0)

Adfin uses OAuth 2.0 access tokens to authenticate all API requests.

There are two contexts in which tokens are issued:

  • Biller Access Tokens — Generated via the Authorization Code flow when a biller connects their Adfin account. These tokens grant access to that biller's data (invoices, payment requests, customers, etc.).

  • Platform Access Tokens — Generated via the Client Credentials flow for Adfin's own integrations and system events. These tokens authenticate Adfin as the platform itself (not as a specific biller) and are required for endpoints like /api/webhook.

Download OpenAPI description
direct-integration-api-reference.json
direct-integration-api-reference.yaml
Languages
Servers
Mock server
https://developer.adfin.com/_mock/products/direct-integration/direct-integration-api-reference/
Production API Server URL
https://api.adfin.com/api/
Staging API Server URL
https://api.staging.adfin.com/api/

oAuth2

Operations

Issue an OAuth 2.0 access token

Request

Security
Biller Access Token (Production) or Biller Access Token (Staging)
Query
grant_typestringrequired
client_idstring
client_secretstring
codestring
refresh_tokenstring
redirect_uristring
scopeArray of strings
Headers
Authorizationstring

The authorization header

curl -i -X POST \
  'https://developer.adfin.com/_mock/products/direct-integration/direct-integration-api-reference/oauth2/token?grant_type=string&client_id=string&client_secret=string&code=string&refresh_token=string&redirect_uri=string&scope=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

Access token was successfully issued.

Bodyapplication/json
Response
application/json

AccessTokenExample

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjV0ZGx6cUxiZ3ZVTXJ6SC1WZVZrZyJ9.eyJpc3MiOiJodHRwczovL2F1dGhlbnRpY2F0aW9uLnN0YWdpbmcuYWRmaW4uY29tLyIsInN1YiI6IkpkandtWEZPMXdqOGN2OXFtbEhFM2xoaVpVZWFqTlpYQGNsaWVudHMiLCJhdWQiOiJodHRwczovL3N0YWdpbmctYXV0aC1hZGZpbi5ldS5hdXRoMC5jb20vYXBpL3YyLyIsImlhdCI6MTc2MTI5NjA2NiwiZXhwIjoxNzYxMzAzMjY2LCJzY29wZSI6ImNyZWF0ZTpjbGllbnRfY3JlZGVudGlhbHMgcmVhZDpjbGllbnRfY3JlZGVudGlhbHMgdXBkYXRlOmNsaWVudF9jcmVkZW50aWFscyBkZWxldGU6Y2xpZW50X2NyZWRlbnRpYWxzIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIiwiYXpwIjoiSmRqd21YRk8xd2o4Y3Y5cW1sSEUzbGhpWlVlYWpOWlgifQ.V2K-38NuyrDkTlu5-4b8g3oIrPWjT8ESIJ7DqB9iawwjYsLGGCU1sPxIK974l6GQVRdF904IeDdLBJc4bLR-G0odtcTM9_SQpHFeZOTUi9WhIh-T_v81VvAN6j_OTW2qA30LfSGPQHJD6Z0fAAHpWqLVkFksuifCxi7LyJ6ufCI9FtoYz6XsG_AMaSbk71dEoc56ChjskXCofi5fmgDH1jZukj_oyzk00IURTpzmB3DjhZI_3TrDTk5tXjxmORiLM8yakJji6s0vqNxSGHUSWxCuMObbCrqeq7jYaUMzPDMhfwllBsGw5tQf1iAA1LUWgNRDjNgTqeY3Mk5oZVTEST",
  "expires_in": 7200,
  "token_type": "Bearer"
}

Revoke an OAuth2 Refresh token

Request

Security
Biller Access Token (Production) or Biller Access Token (Staging)
Query
client_idstring
client_secretstring
tokenstringrequired
Headers
Authorizationstring

The authorization header

curl -i -X POST \
  'https://developer.adfin.com/_mock/products/direct-integration/direct-integration-api-reference/oauth2/revoke?client_id=string&client_secret=string&token=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

The Refresh token was successfully revoked.

Authorize an app to access Adfin data on behalf of an Adfin user

Request

Security
Biller Access Token (Production) or Biller Access Token (Staging)
Bodyapplication/jsonrequired
clientIdstring
refreshTokenstring
redirectUristring
scopesstring
statestring
curl -i -X POST \
  https://developer.adfin.com/_mock/products/direct-integration/direct-integration-api-reference/oauth2/authorize \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "string",
    "refreshToken": "string",
    "redirectUri": "string",
    "scopes": "string",
    "state": "string"
  }'

Responses

The app was successfully authorized.

Bodyapplication/json
Response
application/json

AuthorizeExample

{
  "refresh_token": "v1.M03zAQtQuGE7AJbgcmSGIAZ9-j7IPRDJEgF_QzXHLn4gJR7yLb-RX6Ir8Q6n-pWzm9jXIvtmR8L46TnZxfTvSCc",
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjV0ZGx6cUxiZ3ZVTXJ6SC1WZVZrZyJ9.eyJwbGF0Zm9ybUNsaWVudElkIjoiUUlpdHVaNG44SFo5cktVeXBObTNRSFR1NmtNVFY2UFYiLCJpc3MiOiJodHRwczovL2F1dGhlbnRpY2F0aW9uLnN0YWdpbmcuYWRmaW4uY29tLyIsInN1YiI6ImF1dGgwfDY4MjYxZWIzOTA0NDg5ZjNmZGQxMDYyMCIsImF1ZCI6WyJodHRwczovL3N0YWdpbmctYXV0aDAtYXBpLmFkZmluLmNvbSJdLCJpYXQiOjE3NjEzMDkyNDUsImV4cCI6MTc2MTMxMjg0NSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCBwaG9uZSBvZmZsaW5lX2FjY2VzcyIsImd0eSI6WyJyZWZyZXNoX3Rva2VuIiwicGFzc3dvcmQiXSwiYXpwIjoiTTlrNDdOZmlSeGIwOEVKakNKQWJGbm5mNnZLZE1GUDUiLCJwZXJtaXNzaW9ucyI6W119.bGCs_5Nh9q1aH_StRTJXMxlYzsAO-ROVi3Ttxh1NtlX6ginnIIzEvdLuY1iJWZ_4sFRuxIzX82mdbbFpuEGOIBoMDfqUOwGMnKY3A0z2366GkWuPT0L3Vd2iUH8Th_if9SnOKMIi_WWopaSuE_pyPtu_LuX1d5zUI70pXiYifRZL51qhDOCEx1rftHfH30GbSeZekVoe4m3Ap5I5f6MD7c03MxSa_oxw-V2keA6W_v1JJGMvXAKI5eqa3vaXW94RkbMbSh0ey6TMNXDyW-u2lCVbjrhGLVs16qMNEtSUaCcmToJ22Wi35Z4xlsv0FOLR9WbMWRmIrjr5BvQxQ2MNtA",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Get the authorization details for an app

Request

Security
Biller Access Token (Production) or Biller Access Token (Staging)
Query
clientIdstring
statestring
curl -i -X GET \
  'https://developer.adfin.com/_mock/products/direct-integration/direct-integration-api-reference/oauth2/authorization?clientId=string&state=string' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

The app was successfully retrieved

Bodyapplication/json
namestring
redirectUriArray of strings
scopesArray of strings
logoFilePathstring
Response
application/json
{
  "name": "string",
  "redirectUri": [
    "string"
  ],
  "scopes": [
    "string"
  ],
  "logoFilePath": "string"
}

Biller

Operations

Customers

Operations

Direct debit mandates

Operations

Invoices

Operations

Recurring invoices

Operations

Payment requests

Operations

Recurring payment requests

Operations

Payments

Operations

Tax rates

Operations

Items

Operations

Workflows

Operations

Webhooks

Operations