Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt

Use this file to discover all available pages before exploring further.

The API Keys section is where you generate the credentials your server uses to authenticate with the V3.20 API, and configure the webhook endpoints that receive real-time event notifications.

API Keys

Creating an API Key

1

Go to API Keys

Click API Keys in the portal sidebar.
2

Click Create API Key

Give the key a descriptive name (e.g. Backend — Production) and select the environment (Sandbox or Live).
3

Select scopes

Choose the minimum set of scopes required for your integration. Follow the principle of least privilege.
4

Copy the secret

The full API key is shown once at creation. Store it securely in your server environment — it cannot be retrieved again.
Your API key secret is shown only at creation time. If you lose it, revoke the key and create a new one.

Available Scopes

ScopeDescription
accounts:readView program balance, transactions, and account data
cardholders:readList and view cardholders
cardholders:writeCreate, update, and suspend cardholders
cards:readList and view cards
cards:writeIssue, freeze, fund, terminate, and manage cards
webhooks:readList and view webhook endpoints
webhooks:writeCreate, update, and delete webhook endpoints

Key Lifecycle

ActionDescription
RevokeImmediately invalidates the key. Subsequent requests with this key return 401.
DeletePermanently removes the key record after revocation.
Keys can be revoked at any time from the API Keys list. Always revoke before deleting to ensure no in-flight requests are impacted.

Webhooks

Creating a Webhook Endpoint

1

Go to Webhooks

Click Webhooks in the portal sidebar.
2

Click Create Endpoint

Enter your HTTPS URL and select the environment (Sandbox or Live).
3

Select events

Choose which event types to subscribe to — card events, cardholder events, transaction events, account events, and billing events.
4

Copy the signing secret

Use the webhook signing secret to verify HMAC-SHA256 signatures on incoming payloads. See Signature Verification.

Webhook Delivery & Retries

Fyatu delivers webhook payloads with at-most-once retry logic:
AttemptDelay
1stImmediate
2nd5 minutes
3rd30 minutes
4th2 hours
5th6 hours
After 5 failed attempts the delivery is marked Exhausted. You can manually resend any delivery from the portal.

Delivery Logs

Each webhook endpoint has a Deliveries tab that shows every outbound payload with:
  • Event type and payload
  • HTTP response code from your server
  • Latency
  • Delivery status (SUCCESS, FAILED, RETRYING, EXHAUSTED)
Use the Resend button to replay any past delivery.

Testing a Webhook

Click Send Test Event on any configured endpoint to send a synthetic payload and verify your server receives and processes it correctly before going live.

API Request Logs

The API Logs section provides a searchable audit trail of every request made with your API keys:
FieldDescription
MethodGET, POST, PATCH, DELETE
PathAPI endpoint called
StatusHTTP response status code
DurationRequest round-trip time in milliseconds
KeyAPI key prefix used
IP AddressOriginating IP address
Error CodeApplication-level error code if the request failed
Logs are retained for 7 days.