Get your credentials
Every Lina API endpoint is protected and expects an OAuth 2.0 Bearer token
on the Authorization header. This page shows how to issue that token from
your institution's credentials using the client_credentials grant.
How to request a token
Copy the command below and replace <CLIENT_ID> and <CLIENT_SECRET> with
the credentials Lina issued for your institution. The response is a JSON
payload containing the access_token you must send as
Authorization: Bearer <access_token> on every subsequent Lina API call.
This endpoint serves Lina's homologation environment. The production endpoint is shared once your institution's account is activated.
/realms/ob-epp/protocol/openid-connect/tokenRequest access token
OAuth 2.0 client_credentials grant. Returns a short-lived access token used to authorize every other Lina API call.
Corpo da requisição
3 camposgrant_type●OAuth 2.0 grant type. Must be client_credentials for this flow.
client_id●Client identifier issued by Lina for your institution.
client_secret●Client secret paired with the client_id. Keep it in a server-side secret store — never ship it to the browser.
curl --request POST \
--url 'https://iam.hml.linaob.com.br/realms/ob-epp/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data '{
"grant_type": "client_credentials",
"client_id": "<CLIENT_ID>",
"client_secret": "<CLIENT_SECRET>"
}'Response
- access_tokenstringrequired
JWT returned by the identity server. Send it as `Authorization: Bearer <access_token>` on every other Lina API call.
- expires_inintegerrequired
Access token lifetime in seconds.
- refresh_expires_inintegerrequired
Refresh token lifetime in seconds. Zero when no refresh token is issued (as is the case for the client_credentials flow).
- token_typestringrequiredDefaults to
"Bearer"Token type. Always `Bearer` for the client_credentials flow.
- not-before-policyintegerrequired
Keycloak not-before-policy timestamp. Pass through as received.
- scopestringrequired
Scopes granted to the token.
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1QzJ5aTNsQmVLb0tGaWZVNUZSclZCN3ljZ1ZmUzljeEtKUl8zbnZ6SURzIn0...<truncated>...gPrEuPaJsLXbbp0uobNM548thw1dpP7Layv3yyAKaU1wvmyf2GfdfQri5V_7ExTBoYz-6R2iutK0gVtLiqFx8FKPp9jINhXltWnURQsMx9GLfAaXssSpYGZy6Dc8d800pLJwt1TZ7dKd70wWazJKLhuYqZ2azfxwDOC57Y70gBvp8P3a8LAMX4LpZALHoPN7y7wRgeMNaiaLY9MEKFv_pVqVQXX5IbwHzH8w9UUPgdw41kIxl918ZjDiWmhLktoajtE0DTcOaIgxGGjQ125oncnNr_45K1u94egJ5u14_faRW0GvkYlQ6lX8gn_Wy8Szod8ppFemfdQriIMW2oHwXQ",
"expires_in": 900,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "email profile"
}Don't have an account yet?
If your institution does not have Lina credentials yet, reach out to our team through the channels below.
| Channel | Contact |
|---|---|
| Phone | +55 61 99317 9217 |
| openx@linaopenx.com.br |
Before you contact us, have the following information handy:
- Legal name and CNPJ of your institution.
- Primary use case you plan to integrate (for example, e-commerce checkout or subscription billing).
- Expected integration timeline.
Next steps
- Lina Pay overview — product introduction and Pix modalities available through Lina Pay.