Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt

Use this file to discover all available pages before exploring further.

The Business Console is the developer hub inside the Business Portal. This is where you create and manage the Apps that power your V3 API integration — generating credentials, scoping permissions, and setting up webhooks.

App Types

Every API call is scoped to an App. The app type determines which V3 API endpoints are available:
App TypeAPIs AvailableScopes Granted
Collection AppCollections, Payouts, Refunds, Accountcollect:write, collect:read, payout:write, payout:read
Issuing AppCards, Cardholders, Accountcards:write, cards:read, cardholders:write, cardholders:read
All app types include access to the Account endpoints (wallet balance, transactions, statement, invoices).

Creating an App

1

Open the Business Console

Click Business Console in the left sidebar of the portal.
2

Click Create App

Choose Collection App or Issuing App based on what you want to build.
3

Name your app

Give the app a descriptive name (e.g. Card Issuing — Production). You can create multiple apps for different environments or use cases.
4

Copy your credentials

After creation, your appId and secretKey are displayed once. Store the secretKey securely — it cannot be retrieved again, only regenerated.
Your secretKey is shown only at creation time. If you lose it, you must regenerate it — which immediately invalidates the old key.

API Credentials

Each app has two credentials:
CredentialDescription
appIdPublic identifier for your app. Safe to log.
secretKeyUsed to authenticate token requests. Treat as a password — never expose in client-side code.
You exchange these credentials for a short-lived JWT token, which you include as a Bearer token on every API request. See Authentication for details.

Regenerating a Secret Key

If your secretKey is compromised:
  1. Go to Business Console → Your App → Settings.
  2. Click Regenerate Secret Key.
  3. Confirm the action — the old key is immediately invalidated.
  4. Update your server environment with the new key.

Webhooks

Each app can be configured with a webhook endpoint to receive real-time event notifications.
1

Go to your app's Webhooks tab

In the Business Console, open your app and click Webhooks.
2

Add an endpoint

Enter your HTTPS endpoint URL. Fyatu will POST signed JSON payloads to this URL for every subscribed event.
3

Select events

Choose which events to subscribe to (e.g. CARD_CREATED, COLLECTION_RECEIVED, PAYOUT_COMPLETED).
4

Copy the webhook secret

Use the webhook secret to verify the HMAC-SHA256 signature on incoming payloads. See Signature Verification.

KYB Status

Business-level identity verification (KYB) is required before your app can process live transactions. The KYB status is visible in Business Console → KYB.
StatusMeaning
PendingNo documents submitted yet
In ReviewDocuments submitted, under review
ApprovedFull live access granted
RejectedReview the rejection reason and resubmit