Findity APIs use the OAuth 2.0 framework for authentication. You need to fetch a client ID and client secret in the expense service which can be exchanged for a token which is needed to access the APIs .
How to obtain keys
To obtain API key pairs you first need to have an account in a production or sandbox environment. Note that the API keys are quite similar to a user, meaning that a key can have different scope and access to organizations, partners and even the full client application. You can yourself generate keys on organization and partner level, with equal access rights.
For organization access, you need to enable our 'API connectivity' in Marketplace.
When this is done, a new tab will appear in the User settings 'API keys'. And here you can create new Client ID/Client secret pairs, that can be used for the API's described here.
For creating a partner key, head over to the partner view and navigate according to the screenshot belov.
Refresh the access token
Access tokens have limited lifetimes. If your application needs access to the expense service beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.