This page provides solutions to common authentication issues when working with Flinks authorization endpoints. For a summary of all credentials and which header/value to use on each endpoint, see the Authentication Reference.Documentation Index
Fetch the complete documentation index at: https://docs.flinks.com/llms.txt
Use this file to discover all available pages before exploring further.
Common Error Messages
”You must provide a valid authorize token” Error
Problem: Getting 401 Unauthorized error Solutions:- Verify your secret key is correct and hasn’t expired
- Check the header name is exactly
flinks-auth-key(notx-api-keyorAuthorization) - For /GenerateAuthorizeToken: Use your secret key in the header
- For /Authorize: Use the generated authorize token (not the secret key)
Authentication Token Issues
“You must provide a valid auth key” (when generating tokens)- Verify your secret key is correct
- Ensure you’re using the secret key provided by Flinks during integration setup
- Check that you’re using the correct environment credentials
- Confirm the LoginId was obtained from a successful Flinks Connect session
- Verify you’re using the correct environment (sandbox vs production)
- Check that the LoginId hasn’t been deleted via /DeleteCard
Token Management
Token Usage Rules
Important Notes:- The generated authorize token is single-use only
- Token expires after 30 minutes if unused
- Use the token immediately in your next API call (either Flinks Connect or /Authorize endpoint)
- Generate a new token for each authentication flow
Header Configuration Issues
Wrong Header Names
Header Requirements by Endpoint
| Endpoint | Header Name | Header Value |
|---|---|---|
| /GenerateAuthorizeToken | flinks-auth-key | Your secret key |
| /Authorize (Direct API) | flinks-auth-key | Generated authorize token |
| Flinks Connect | N/A | Pass token as URL parameter |
Important: Do not confuse
flinks-auth-key with x-api-key. Always use flinks-auth-key for Flinks authentication.URL Format Issues
URL Format Validation
Ensure your URLs follow this exact format:- ❌
https://toolbox-api.private.fin.ag//v3/...(double slash) - ❌
https://toolbox.api.private.fin.ag/v3/...(wrong subdomain format) - ✅
https://toolbox-api.private.fin.ag/v3/...(correct)
Environment-Specific URLs
| Environment | Instance | API Base URL | Iframe Base URL |
|---|---|---|---|
| Sandbox/Testing | toolbox | https://toolbox-api.private.fin.ag | https://toolbox-iframe.private.fin.ag |
| Production | Your company name | https://{company}-api.private.fin.ag | https://{company}-iframe.private.fin.ag |
Environment Configuration
Sandbox vs Production Setup
Sandbox/Testing Environment:- Instance:
toolbox - URL:
https://toolbox-api.private.fin.ag/v3/{customerId}/... - Use test credentials for generating authorize tokens
- Instance: Your company name
- URL:
https://{yourcompany}-api.private.fin.ag/v3/{customerId}/... - Use production credentials provided by Flinks
Integration Flow Issues
Authentication Flow Validation
The correct authentication flow:- Obtain Secret Key: Get from Flinks during integration setup
- Generate Authorize Token: Call /GenerateAuthorizeToken with secret key
- Use Token Immediately:
- Flinks Connect: Add
authorizeToken={token}to iframe URL - Direct API: Pass token as
flinks-auth-keyheader to /Authorize
- Flinks Connect: Add
- Handle Response: Process successful authentication or error responses
Common Integration Mistakes
Wrong Token Type:- Use secret key when calling /GenerateAuthorizeToken
- Use authorize token when calling /Authorize
- Never confuse these two - they serve different purposes
- Generate new tokens for each authentication session
- Don’t cache or reuse tokens across multiple sessions
- Implement token refresh logic in your application
Need Additional Help?
If these troubleshooting steps don’t resolve your issue:- Check the Error Codes page for specific error code documentation
- Review the Getting Started guide for complete setup instructions
- Contact Flinks with specific error details and request context