Quickstart: Retrieve your first client

This walkthrough builds a minimal integration that authenticates, lists clients, and fetches a single client record. It uses the Authorization Code flow and cURL for clarity, but you can translate the same steps into any HTTP client.

Prerequisites

An active Krebit Finance tenant.
An OAuth application with client credentials (client_id, client_secret) and a redirect URI.

Set helpful environment variables before proceeding:

export KREBIT_DOMAIN="yourco.krebit.se"
export KREBIT_API="https://${KREBIT_DOMAIN}/api/1.0"
export KREBIT_CLIENT_ID="YOUR_CLIENT_ID"
export KREBIT_CLIENT_SECRET="YOUR_CLIENT_SECRET"
export KREBIT_REDIRECT_URI="https://yourapp.example.com/oauth/callback"
export KREBIT_AUTH_CODE="AUTH_CODE_FROM_CALLBACK"
export KREBIT_REFRESH_TOKEN="STORED_REFRESH_TOKEN"
export KREBIT_STATE="CSRF_PROTECTION_VALUE"

KREBIT_DOMAIN should be your tenant subdomain without a protocol (for example, yourco.krebit.se).

Step 1 - Obtain an access token

First, direct a user to the authorization URL:

https://${KREBIT_DOMAIN}/oauth/authorize?client_id=${KREBIT_CLIENT_ID}&redirect_uri=${KREBIT_REDIRECT_URI}&response_type=code&state=${KREBIT_STATE}

After the redirect back to your app, exchange the authorization code for tokens:

ACCESS_TOKEN=$(curl --silent --request POST \
  --url https://${KREBIT_DOMAIN}/api/oauth/token \
  --header 'Content-Type: application/json' \
  --data "{
    \"grant_type\": \"authorization_code\",
    \"client_id\": \"${KREBIT_CLIENT_ID}\",
    \"client_secret\": \"${KREBIT_CLIENT_SECRET}\",
    \"redirect_uri\": \"${KREBIT_REDIRECT_URI}\",
    \"code\": \"${KREBIT_AUTH_CODE}\"
  }" | jq -r '.access_token')

If you do not have jq, run the request manually and copy the access_token. Store the accompanying refresh_token to renew access when the access token expires.

Step 2 - Verify identity

Confirm the credentials by requesting the current user profile:

curl --request GET \
  --url ${KREBIT_API}/me \
  --header "Authorization: Bearer ${ACCESS_TOKEN}"

A 200 response indicates the token is valid for this tenant.

Step 3 - List clients

Use pagination parameters to control the size of the response:

curl --request GET \
  --url "${KREBIT_API}/clients?limit=10&page=1" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}" | jq '.data'

Capture the id of a client you want to inspect further.

Step 4 - Fetch client details

CLIENT_ID=12345

curl --request GET \
  --url "${KREBIT_API}/clients/${CLIENT_ID}" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}"

Review fields like company_name, org_number, and credit_limit to confirm you have the data you need.

Step 5 - Pull the latest act

Acts represent financial evaluations tied to a client. Use the latest act endpoint to show the most recent assessment:

curl --request GET \
  --url "${KREBIT_API}/clients/${CLIENT_ID}/acts/latest" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}"

If you need the act's data points (the field values captured in the assessment), fetch them by UUID:

ACT_UUID="123e4567-e89b-12d3-a456-426614174000"

curl --request GET \
  --url "${KREBIT_API}/acts/${ACT_UUID}/data" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}"

Optional - Create a webhook

Use webhooks to keep downstream systems synchronized. Provide a target URL and an event value listed in the API reference.

curl --request POST \
  --url "${KREBIT_API}/webhooks" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header 'Content-Type: application/json' \
  --data '{
    "event": "EVENT_TYPE",
    "target": "https://example.com/webhooks/krebit"
  }'

Store the returned secret securely so you can verify webhook signatures.

Example Node.js integration

The snippet below lists clients with axios. It assumes you already stored a refresh token from the Authorization Code flow. Add robust error handling and retries before using it in production.

import axios from 'axios';

const baseUrl = `https://${process.env.KREBIT_DOMAIN}`;
const api = axios.create({
  baseURL: `${baseUrl}/api/1.0`,
  headers: { Accept: 'application/json' },
});

async function authenticate() {
  const { data } = await axios.post(`${baseUrl}/api/oauth/token`, {
    grant_type: 'refresh_token',
    client_id: process.env.KREBIT_CLIENT_ID,
    client_secret: process.env.KREBIT_CLIENT_SECRET,
    refresh_token: process.env.KREBIT_REFRESH_TOKEN,
  });
  api.defaults.headers.common.Authorization = `Bearer ${data.access_token}`;
}

async function run() {
  await authenticate();

  const { data } = await api.get('/clients', {
    params: { limit: 10, page: 1 },
  });

  console.log('Client count:', data?.data?.length ?? 0);
}

run().catch((error) => {
  console.error('Krebit Finance API error', error.response?.data || error.message);
  process.exit(1);
});

Where to go next

Review the Clients guide for data modeling tips.
Learn how to interpret acts in the Acts guide.
Use Templates to understand the structure behind act data.
Configure Webhooks to receive updates without polling.
Browse the generated API reference from the sidebar whenever you need parameter or schema details.

Prerequisites​

Step 1 - Obtain an access token​

Step 2 - Verify identity​

Step 3 - List clients​

Step 4 - Fetch client details​

Step 5 - Pull the latest act​

Optional - Create a webhook​

Example Node.js integration​

Where to go next​