[Resolved] API Key is wrong

7 posts

Dear all,

everything works great in the sandbox.
One will be referred to the fidor app confirmation screen, will be referred back to my app including the code, and then I can even transfer money. Great.

For sandbox oauth I use: aps.fidor.de/oauth
For live oauth I use: apm.fidor

For sandbox transfers I use aps.fidor.de
For live oauth I use: api.fidor.de

Now the problem is, when I switched from Sandbox to live, the first part ist still qorking (requesting the code).
But a sepa transaction will not work anymore.

Error Response:
Unauthorized – 401 – API key is wrong.

What is the API Key? The clientId? Or the secret? Or the account Id?

Any help is highly appreciated!


PS: I use these cURL Options:

curl_setopt($curl, CURLOPT_HTTPHEADER, array("Accept: application/vnd.fidor.de; version=1,text/json", "Content-Type: application/json", "Authorization: Bearer ".$resp->access_token));
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($curl_post_data));
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);

  • This topic was modified 7 months, 2 weeks ago by  mernst.

Hi mernst,

please make sure that the access_token (Bearer token in header) is correct.


Thank you for the reply, Stefan!

I use the $resp->access_token the oAuth gives me back.
That works well in the sandbox environemt. But as soon as I changed to live environment (by just changing the URIs) I receive the error message. The oAuth process still works very well – but the sepa transfer does not work at all.

I just tried to change the access_token into the refresh_token. Just to double check that everything is ok.

And the message now is:

[message] => Unauthorized token
[key] => Array
[0] => token_unauthorized

[code] => 401
[errors] => Array

So the Bearer access_token seems to be correct

Do you have another Idea?

Thank you!

  • This reply was modified 7 months, 2 weeks ago by  mernst. Reason: change

ok, I added some IP Addresses in the security setting in the app. Now I get another error message:

[code] => 422
[errors] => Array
[0] => stdClass Object
[field] => account_id
[message] => should be the token user’s account id
[options] => stdClass Object



What exactly is the account_id?
Do I have to create a customer at first?

You get your account_id if you query your account data with GET /accounts, see also http://api-docs.fidor.de/v1/accounts/get-accounts. It is what you get for the field “id”.


ok, thank you. Now everything works fine!
One last question: do I need to request thy account_id everytime? Or is it a static value I can store?

By they way: the link you sent me: great documentation! And so easy with the sandbox tool!

Why don’t you provide this documentation at the application manager? The only link I found was: http://docs.fidor.de/ 😉

account_id is it a static.

docs.fidor.de will be replaced by api-docs.fidor.de very soon. We will also update the links in application manager.


You must be logged in to reply in this thread.