Skip to main content

Step 1: Choose your authentication method

Before making any API calls, determine which authentication method you’ll use:
  • Static API Key - A login/secret pair provided by Qonto
  • OAuth - Token-based authentication using the OAuth 2.0 flow
Not sure which to use? We have a detailed guide here explaining the differences & supported endpoints for each authentication method.

Step 2: Test with a simple endpoint

Make a test call to the List Bank Accounts endpoint to verify your setup. 
GET /v2/bank_accounts

Step 3: Diagnose the response

✅ Got a success response code? (2XX)

Expand the section below based on what you received:
Congratulations! You’re successfully authenticated and connected to the Qonto API.You can now proceed with making other API requests.
Issue: You’re trying to access the Staging environment without proper Staging Token.Solution: Add the X-Qonto-Staging-Token header to your request. This token can be found in the developer portal.
X-Qonto-Staging-Token: your-staging-token-here
The Sandbox environment requires the staging token header in addition to your regular authentication credentials.

❌ Got an error response? (4XX)

Follow the troubleshooting steps for your authentication method:

Verify your API key format

Your static API key must be provided in the Authorization header using HTTP Basic Authentication format:
Authorization: {login}:{secret}
Example:
Authorization: your-login-here:your-secret-here
Do not include “Basic” before the credentials - use the raw {login}:{secret} format directly.
Some users confuse this with basic authentication, but it is not.

Common mistakes

  • Missing the colon separator: loginSecret
  • Swapping login and secret: {secret}:{login}
  • Adding a “Bearer” prefix before the login & secret
  • Adding a “Basic” prefix before the login & secret
  • Including extra spaces or line breaks
  • Base64 encoding when not required