GET /health) require a Bearer token in the Authorization header.
finta_ prefix. Generate and manage them from API settings.
Verify your key
CallGET /me to confirm your key is valid and Storage Mode is enabled:
403 STORAGE_MODE_REQUIRED. Enable it from Data settings or by creating a new API key (which enables it automatically).
Account scope
Each API key can be scoped to a subset of your bank accounts. When a key has a restricted scope, requests for accounts outside that scope return404 NOT_FOUND — the same response as if the resource does not exist — to avoid leaking that the account exists.
A key with no scope restriction can access all of your accounts, including any you add in the future.
When a scoped key creates a new account (for example a manual account via POST /accounts), that account is automatically added to the key’s scope so the key can read and manage it. The same applies to scoped OAuth clients.
See API Keys for how to configure scope.