Skip to main content

Client Onboarding & API Access

Last updated on Nov 18, 2025 at 11:59 AM

The ImPAI platform provides selected clients β€” both personal and business β€” secure programmatic access to our services through APIs. This chapter explains how to get credentials, authenticate, and start integrating.

Eligibility Requirements​

To gain access to the ImPAI API, clients must complete the required KYC/KYB (Know-Your-Customer/Know-Your-Business) verification process.
To request onboarding, please contact us at info@im-par.de.

Once verified, access credentials will be issued following the onboarding steps below.

Onboarding Process​

  1. Verification: Complete all regulatory KYC/KYB requirements.
  2. Application: Request API access through your account manager.
  3. Approval: ImPAI team reviews and confirms the request.
  4. Credential Generation: Unique credentials are created for your application.
  5. Integration: Begin implementing the API with your development team.

API Credentials Issued​

Upon successful onboarding, you will receive credentials to authenticate using the OAuth 2.0 Password Credentials Grant flow:

CredentialDescriptionUsage
Client IDUnique identifier for your applicationRequired in all API calls
ClientΒ SecretConfidential key for your Client IDUsed to obtain access tokens
UsernameAssigned login usernameRequired for authentication
PasswordCorresponding passwordRequired for authentication

Security Notice

Store all credentials securely.
Never expose your Client Secret, Password, or Shared Secret in client-side code or public repositories.

How Authentication Works​

ImPAI uses industry-standard OAuth 2.0 to ensure secure authorization of all requests.

Flow Overview

  • Your application sends the issued credentials to the authentication endpoint
  • The system issues time-limited access and refresh tokens
  • Your application includes the access token in the Authorization header for each request
  • When the access token expires, the refresh token allows silent renewal without user input
Legend
Access TokenUsed for all API requests (short-lived)
Refresh TokenUsed to renew access without re-login (longer-lived)




This approach ensures:
βœ… Granular permission control
βœ… Secure session lifecycle
βœ… Full auditability of access events

Need implementation details?

For detailed information on the authentication flow, see πŸ‘‰ Authentication.

Next Steps​

Once onboarded:

  1. Review the Authentication documentation to learn how to request and refresh access tokens.
  2. Start integrating with the API endpoints required for your solution.

For technical support, contact your account manager or our developer support team.

Last updated on