Skip to content
API Reference/
/
Create a new API key

Dinie API (2026-03-01)

Embedded credit API for Dinie partners. Enables customer registration, credit offer management, loan origination, and event delivery via webhooks.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://dinie.nexaedge.dev
Dinie API Support
api@dinie.com.br
License
Proprietary
Languages
Servers
Mock server
https://dinie.nexaedge.dev/_mock/apis/openapi
Production
https://api.dinie.com.br/v3
Sandbox
https://sandbox.api.dinie.com.br/v3

Authentication

OAuth2 Client Credentials authentication and API key management.

Each client_id / client_secret pair represents an access credential. Exchange the credentials for a JWT token via POST /auth/token and send the token as Bearer in all requests. The token expires in 1 hour.

You can create multiple credentials for different environments and revoke them individually.

Operations

Exchange credentials for an access token

Request

Authenticates the partner using the OAuth2 Client Credentials flow. Send client_id and client_secret in the Authorization header (Basic Auth) to receive a JWT token. The token expires in 1 hour and must be sent as a Bearer token in all other requests. The SDKs handle token retrieval and renewal automatically.

Headers
Authorizationstringrequired

Basic base64(client_id:client_secret)

Bodyapplication/x-www-form-urlencodedrequired
grant_typestringrequired
Value"client_credentials"
curl -X POST https://api.dinie.com.br/v3/auth/token \
  -u "$DINIE_CLIENT_ID:$DINIE_CLIENT_SECRET" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials"

Responses

Token issued successfully

Bodyapplication/json
access_tokenstringrequired

JWT access token

Example: "dinie_at_eyJhbGciOiJIUzI1NiJ9..."
token_typestringrequired
Value"bearer"
expires_inintegerrequired

Token lifetime in seconds

Example: 3600
Response
application/json
{
  "access_token": "dinie_at_eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkaW5pZV9jaV81NTBlODQwMGUyOWI0MWQ0YTcxNjQ0NjY1NTQ0MDAwMCIsImV4cCI6MTcwOTU1NTYwMH0.abc123",
  "token_type": "bearer",
  "expires_in": 3600
}

Create a new API key

Request

Creates a new credential pair (client_id + client_secret) for the partner. The client_secret is displayed only once in the response — store it securely. Use multiple credentials to separate environments (production, staging, development) or distinct internal systems.

Security
bearerAuth
Headers
Idempotency-Keystring

Unique string for idempotent POST requests. Cached for 24 hours.

Bodyapplication/jsonrequired
namestringrequired

Human-readable label for this key

Example: "Production Key"
expires_atstring or null(date-time)

Optional expiration date. Null = never expires.

Example: "2027-03-04T00:00:00Z"
curl -X POST https://api.dinie.com.br/v3/auth/credentials \
  -H "Authorization: Bearer $DINIE_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Chave de Produção",
    "expires_at": "2027-03-04T00:00:00Z"
  }'

Responses

Credential created

Headers
Locationstring
Example: "/v3/auth/credentials/dinie_ci_550e8400e29b41d4a716446655440000"
Bodyapplication/json
idstring(ApiClientId)^dinie_ci_[0-9a-f]{32}$required
client_idstring(ApiClientId)^dinie_ci_[0-9a-f]{32}$required
namestringrequired
Example: "Production Key"
statusstringrequired
Enum"active""revoked"
expires_atstring or null(date-time)required
created_atstring(date-time)required
updated_atstring(date-time)required
last_used_atstring or null(date-time)required
client_secretstringrequired

Store securely -- shown only once.

Example: "dinie_cs_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Response
application/json
{
  "id": "dinie_ci_550e8400e29b41d4a716446655440000",
  "client_id": "dinie_ci_550e8400e29b41d4a716446655440000",
  "name": "Chave de Produção",
  "status": "active",
  "client_secret": "dinie_cs_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
  "expires_at": "2027-03-04T00:00:00Z",
  "created_at": "2026-03-04T10:00:00Z",
  "updated_at": "2026-03-04T10:00:00Z",
  "last_used_at": null
}

List API keys

Request

Returns all API keys for the authenticated partner, including name, creation date, and status (active or revoked). For security, the client_secret is not returned in this listing — it is displayed only at creation time via POST /auth/credentials.

Security
bearerAuth
curl https://api.dinie.com.br/v3/auth/credentials \
  -H "Authorization: Bearer $DINIE_API_TOKEN"

Responses

List of credentials

Bodyapplication/json
dataArray of objects(Credential)required
data[].​idstring(ApiClientId)^dinie_ci_[0-9a-f]{32}$required
data[].​client_idstring(ApiClientId)^dinie_ci_[0-9a-f]{32}$required
data[].​namestringrequired
Example: "Production Key"
data[].​statusstringrequired
Enum"active""revoked"
data[].​expires_atstring or null(date-time)required
data[].​created_atstring(date-time)required
data[].​updated_atstring(date-time)required
data[].​last_used_atstring or null(date-time)required
has_morebooleanrequired
Response
application/json
{
  "data": [
    {
      "id": "dinie_ci_550e8400e29b41d4a716446655440000",
      "client_id": "dinie_ci_550e8400e29b41d4a716446655440000",
      "name": "Chave de Produção",
      "status": "active",
      "expires_at": "2027-03-04T00:00:00Z",
      "created_at": "2026-03-04T10:00:00Z",
      "updated_at": "2026-03-04T10:00:00Z",
      "last_used_at": "2026-03-05T14:30:00Z"
    }
  ],
  "has_more": false
}

Revoke an API key

Request

Revokes an API key immediately and irreversibly. After revocation, no new tokens can be issued with this credential. Tokens already issued before revocation remain valid until they expire (maximum 1 hour). Use this endpoint when decommissioning an environment or in case of credential leakage.

Security
bearerAuth
Path
client_idstring(ApiClientId)^dinie_ci_[0-9a-f]{32}$required
Example: dinie_ci_550e8400e29b41d4a716446655440000
curl -X DELETE https://api.dinie.com.br/v3/auth/credentials/dinie_ci_550e8400e29b41d4a716446655440000 \
  -H "Authorization: Bearer $DINIE_API_TOKEN"

Responses

Credential revoked (empty body)

Response
No content

Customers

The Customer resource (cust_) represents a credit borrower on the platform. The lifecycle follows: registration → KYC document submission → review → activation.

Two processes happen in parallel:

  • Credit analysis — starts automatically upon registration
  • KYC verification — the customer completes at their own pace
Operations
Webhooks

Credit Offers

The CreditOffer resource (co_) represents a pre-approved credit offer for a customer. Offers are automatically generated by Dinie when a Customer reaches the active status. You are notified via the credit_offer.available webhook.

Operations
Webhooks

Loans

The Loan resource (ln_) represents a loan originated from a CreditOffer and its Simulation. After creation, the loan goes through several automated steps until disbursement.

Operations
Webhooks

Webhooks

Manage the endpoints that receive event notifications (we_). Dinie follows the Standard Webhooks specification.

Events for each resource are documented in the Customers, Credit Offers, and Loans sections. This section covers only endpoint management.

Operations