Initial Setup

Documentation page

The objective of the initial setup is to understand the different API authentication methods, get access to the Advanced Fraud Solutions UAT environment and API token, and understand how to manage the UAT API tokens.

Tokens and Authentication

To authenticate API requests, Advanced Fraud Solutions requires an API token (key) to be included in each request. Depending on the product, authentication is supported in one of the following ways:

Long-lived token model
Refresh + Access token model (recommended for enhanced security)

Long-Lived Token Model

TrueChecks, TrueACH, TrueWire, Positive Pay TrueAccount, and Contributions support authentication using a single long-lived API token. In this model:

The API token is issued via the Client Portal.
The token is included in every API request.
The token remains valid until it expires or is manually revoked.

Refresh + Access Token Model

TrueACH and TrueWire also support an optional, more secure authentication model. In this model:

A long-lived Refresh API token is issued.
The refresh token is used to call the token endpoint:
```
Security/GetAccessToken
```
The endpoint returns a short-lived Access token.
The access token is then used to authenticate business API requests.

Important considerations:

Refresh tokens are long-lived and must be stored securely.
Access tokens are short-lived and expire based on the configurable time to live.
When an access token expires, a new one must be obtained using the refresh token.

Authorization Header Format

API tokens must be included in the request header using the Authorization field. Header format varies by product:

TrueChecks and Contributions

Authorization: X-ApiKey <UAT_API_TOKEN>

TrueACH, TrueWire, Positive Pay, and TrueAccount

Authorization: Bearer <UAT_API_TOKEN>

UAT Portal Access

AFS Support will create your UAT account and issue UAT API tokens specific to each product. Use these URLs to access your UAT account through our web-based portals: