GuidesRecipesAPI ReferenceChangelog
Guides

API Keys

Generate and manage API key pairs for secure access to the Cybrid platform.

Set up your Organization and Bank

Before interacting with the Cybrid API, create an Organization and Bank through the dashboard.

After logging in, you are guided through three steps:

  1. Name your Organization — this represents your business or project within the Cybrid platform.
  2. Create a Bank — a Bank is a digital representation of a financial institution in the Cybrid ecosystem. Enter a descriptive name and configure your Bank settings.
  3. Generate an API key pair — click Generate to create a Client ID and Client Secret for secure API communication.

Store your Client Secret

Once generated, the Client ID and Client Secret display on screen. Hover over the Client Secret to reveal it, and use the copy buttons on the right to copy each value.

Cybrid dashboard showing a generated API key pair with Client ID and Client Secret fields
⚠️

Save your Client Secret immediately

The secret displays only once. If you navigate away without saving it, you must generate a new key pair.

Generate new keys

To generate new keys at any time:

  1. Navigate to the Developers tab in the Cybrid dashboard.
  2. Click Generate New Key in the top-right corner.
  3. Select either Organization keys or Bank keys.

This lets you rotate credentials or manage keys across multiple projects.

Bank-specific API credentials

When managing multiple banks under a single organization, each bank requires its own API credentials (client_id and client_secret). The access token generated from these credentials is scoped to a specific bank — all API actions (such as creating customers) run under that bank. The bank_guid parameter in API requests is ignored; the access token determines bank context.

To generate credentials for a specific bank:

  1. In the Cybrid portal, use the top-left selector to choose the bank you want to generate credentials for.
  2. Navigate to the Developers tab.
  3. Generate new credentials for that bank.

This ensures API requests are scoped to the intended bank.

Handle "Signature has expired" errors

If you receive a Signature has expired error with status 401 (authentication_failed), your access token has expired. To resolve this, generate a new token using your existing API credentials.

You do not need to recycle or rotate your API key or Client Secret for this error. Rotating secrets is only necessary if you suspect they have been compromised or as part of periodic security hygiene — not for normal token expiration.

Updated 20 days ago