🔐 Authentication

All API routes require authentication via Bearer Token JWT. The token must be obtained through the Kapitale OAuth2 authentication system using the client credentials flow.

Authentication Endpoint URLs

Environment	URL
Production	`https://partners-auth.kapitale.com.br/oauth2/token`
Sandbox	`https://partners-auth-sandbox.kapitale.com.br/oauth2/token`

OAuth Scopes

Each endpoint requires a specific scope in the token:

Scope	Endpoints
`partner-can/cnpj.read`	GET /company/cnpj/{cnpj}
`partner-can/orders.create`	POST /order
`partner-can/orders.read`	GET /order, GET /order/{id}, PATCH /order/cancel/{order_id}
`partner-can/orders.sentnf`	PATCH /order/invoice/{order_id}

How to obtain the token

The API uses the OAuth2 Client Credentials flow. You will need client_id and client_secret provided by the Kapitale team.

Request parameters (application/x-www-form-urlencoded):

Parameter	Required	Description
`grant_type`	Yes	Must be `client_credentials`
`client_id`	Yes	Your client identifier
`client_secret`	Yes	Your client secret
`scope`	Yes	Space-separated list of scopes (e.g., `partner-can/cnpj.read partner-can/orders.create partner-can/orders.read partner-can/orders.sentnf`)

Example:

Replace {{client_id}} and {{client_secret}} with your credentials. Store them securely (e.g., environment variables) and never commit them to version control.

Example response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Use the access_token value in the Authorization header of your API requests.

How to use the token

Include the token in the Authorization header of all requests:

🔐 Authentication

Authentication Endpoint URLs#

OAuth Scopes#

How to obtain the token#

How to use the token#

Example of authenticated request#

Authentication Endpoint URLs

OAuth Scopes

How to obtain the token

How to use the token

Example of authenticated request