Skip to main content

Getting Your Credentials

When you start working with FrankieOne, you receive your credentials via a secure 1Password link. This package includes the following for each environment (UAT and Production):
  • Customer ID — your primary account identifier (UUID format)
  • API Key — your secret authentication token
  • Child ID (if applicable) — issued when your account uses child entities
  • Portal URL
  • API Base URL
FrankieOne typically sets up the UAT environment first. The UAT environment is not connected to real production data or live data sources — mock sources such as testbed are used for testing purposes.

Understanding Your Credentials

Customer ID (Required)

Your primary account identifier. Required for all API calls. Format: UUID (e.g., 12345678-1234-1234-1234-123456789012)

API Key (Required)

Your secret authentication token. Keep this secure and never share it publicly. Format: Long alphanumeric string (e.g., 245c765b124a098d09ef8765....)

Child ID (Optional)

Only required if your account uses child entities. A Child ID is issued when:
  • You are accessing the service as part of an organisational division (e.g., regional or country division).
  • You are acting as an agent of a service that uses FrankieOne for their KYC/AML needs.
Format: UUID (e.g., 87654321-4321-4321-4321-210987654321)

Setting Up API Authentication

Required Headers

All API requests must include these headers: 
X-Frankie-CustomerID: YOUR_CUSTOMER_ID
api_key: YOUR_API_KEY

If You Have a Child Account

If you have been provided with a Child ID, you must also include it: 
X-Frankie-CustomerID: YOUR_CUSTOMER_ID
X-Frankie-CustomerChildID: YOUR_CHILD_ID
api_key: YOUR_API_KEY

Header Format Requirements

Headers are case-sensitive and must be formatted exactly as shown.
Correct:
HeaderNotes
X-Frankie-CustomerIDUppercase ID at the end
X-Frankie-CustomerChildIDUppercase ID at the end
api_keyAll lowercase with underscore
Incorrect (common mistakes):
Incorrect HeaderIssue
X-Frankie-CustomerIdWrong case — Id should be ID
X-Frankie-Customer-IDExtra hyphen
api-keyHyphen instead of underscore
API_KEYWrong case

Environment URLs

Ensure you are using the correct URLs for your environment.

UAT Environment

ResourceURL
API Base URLhttps://api.uat.frankie.one
Portal URLhttps://portal.kycaml.uat.frankieone.com

Production Environment

ResourceURL
API Base URLhttps://api.frankie.one
Portal URLhttps://portal.frankieone.com
All V2 API paths are prefixed with /v2 (e.g., https://api.uat.frankie.one/v2/individuals).
Using UAT credentials with Production URLs (or vice versa) causes authentication failures. Always ensure your credentials match your environment.

Common Authentication Issues

Issue 1: Unauthorized (401)

Error codes: AUTH-0002 or AUTH-0401 Possible causes:
  • Incorrect API key or Customer ID
  • Missing Child ID when one is required
  • Wrong environment (UAT credentials sent to Production, or vice versa)
  • Case sensitivity errors in header names
Troubleshooting steps:
  1. Verify header names — check that header names are exactly correct with proper capitalisation: X-Frankie-CustomerID (not X-Frankie-CustomerId), api_key (not API_KEY or api-key).
  2. Check for extra spaces — ensure there are no leading or trailing spaces in your credentials.
  3. Verify complete credentials — make sure you have copied the entire API key. These are long strings and can be accidentally truncated.
  4. Confirm environment match — UAT credentials must be used with the UAT URL, and Production credentials with the Production URL.
  5. Check Child ID requirement — if you have a Child ID, you must include the X-Frankie-CustomerChildID header.

Issue 2: Bad Request (400)

Error code: API-0400 Possible causes:
  • Malformed UUID format
  • Special characters in credentials
  • Incorrect header format
Troubleshooting steps:
  1. Validate UUID format — Customer IDs and Child IDs should be in standard UUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (lowercase hexadecimal characters with hyphens in specific positions).
  2. Check for copy-paste issues — when copying from 1Password or email, do not include surrounding quotes, line breaks, or hidden characters.

Issue 3: Forbidden (403)

Possible causes:
  • Attempting to access a child account’s data from a parent account without proper permissions
  • Attempting unauthorised operations
  • Account permissions not properly configured
Solution: Contact FrankieOne support to verify your account permissions and access levels.

Issue 4: Not Seeing Entities in Portal

Scenario: You have made API calls successfully but do not see the entities in the Portal. Possible causes:
  • If your API calls include a Child ID, you need to be viewing the child account in the Portal — not the parent account.
  • Parent accounts can view child account data, but child accounts cannot view parent account data or other child accounts’ data.
Solution:
  1. Check the account dropdown in the top-right corner of the Portal.
  2. If your API calls use a Child ID, switch to that child account view. If your API calls use only the Customer ID (parent), ensure you are in the parent account view.
  3. Verify the entity was created by checking the API response for the entity ID and searching for it in the Portal.

Portal Access

Requesting Portal Access

If you have not been provided with Portal access, contact FrankieOne support at help@frankieone.com with:
  • Your name and email address
  • The environment you need access to (UAT, Production, or both)
  • Whether you need parent or child account access

Parent and Child Accounts in the Portal

Parent Account:
  • Can view all child account data
  • Can act as a child account
  • Has administrative capabilities and can manage users across all accounts
Child Account:
  • Has its own API key
  • Cannot see parent account data or other child accounts’ data
  • Can have separate billing
  • Restricted to its own data view
For security, users in a child account cannot view or assign users from the parent account by default.

Testing Your Connection

Use this API call to verify your credentials are working: 
curl --location 'https://api.uat.frankie.one/v2/kyc/ruok' \
  --header 'api_key: YOUR_API_KEY' \
  --header 'X-Frankie-CustomerID: YOUR_CUSTOMER_ID'
Expected response (HTTP 200): 
{
  "status": "ok"
}
If you receive this response, your credentials are correctly configured.
The /v2/kyc/ruok endpoint is a convenience health-check endpoint. It may not appear in the OpenAPI specification.

Troubleshooting Checklist

When experiencing access issues, check these items in order:
  1. Are you using the correct environment URL (UAT vs Production)?
  2. Are your header names exactly correct (case-sensitive)?
  3. Have you copied the complete API key without truncation?
  4. Are there any extra spaces in your credentials?
  5. If you have a Child ID, are you including it in the X-Frankie-CustomerChildID header?
  6. Are your credentials for the correct environment?
  7. If using the Portal, are you viewing the correct account (parent vs child)?
  8. Have you been granted Portal access for the environment you are trying to access?

Understanding API Error Responses

Error Response Structure

FrankieOne API errors follow this structure: 
{
  "requestId": "0123456789ABCDEFGHIJKLMNOP",
  "errorCode": "AUTH-0002",
  "errorMsg": "Unauthorized",
  "details": [
    {
      "issue": "Invalid Authentication provided. Access denied.",
      "issueLocation": "request"
    }
  ]
}
The details array provides additional diagnostic information. Each entry includes an issue description and an issueLocation indicating where the problem was detected.

Error Code Prefixes

The prefix of an error code indicates the domain of the issue:
PrefixMeaning
AUTHAuthorisation and security related errors
APIErrors in the API request (incorrectly constructed)
VALAPI data validation errors
SYSSystem-level errors
ENTErrors related to entity functions
DOCErrors related to document functions

Common Authentication Error Codes

Error CodeHTTP StatusDescription
AUTH-0002401Invalid authentication provided. Access denied.
AUTH-0401401No API key provided. Access denied.
API-0400400Parsing credentials failed — invalid format
ENT-1029401Attempt to access unauthorised data
For a complete list of error codes, see the Error Codes reference.

Getting Help

When to Contact FrankieOne Support

Contact help@frankieone.com if:
  • You have not received your credentials.
  • You need Portal access.
  • You are consistently getting authentication errors after verifying all credentials.
  • You need to confirm whether you should have a Child ID.
  • You need to verify your account configuration.
  • You need parent/child account permissions adjusted.

Information to Provide

When contacting support about access issues, include:
  • The environment you are trying to access (UAT or Production)
  • The error message you are receiving (including the error code)
  • Whether you are trying to access via API or Portal
  • Your Customer ID (safe to share)
  • Whether you have a Child ID
  • The exact headers you are using (without the actual API key value)
  • A sample curl command or API request (with credentials redacted)
Do not share your actual API key or password.

Best Practices

  • Store credentials securely — use environment variables or a secure credential management system.
  • Never commit credentials — do not commit API keys to version control.
  • Use environment-specific credentials — keep UAT and Production credentials separate.
  • Test in UAT first — always test your integration in UAT before moving to Production.
  • Verify environment URLs — double-check you are using the correct URL for your environment.
  • Keep credentials updated — if credentials are rotated, update them immediately in all systems.

Additional Resources