Common Questions

In this documentation, you'll find frequently asked questions about developing with the Asaas API.

Critical Authorization Error

When making certain calls, such as transfers, account data updates, or bill payments, you may encounter a "Critical authorization enabled" error:

        "code": "invalid_action",
        "description": "Your account has critical authorization enabled. To perform this action, inform the confirmation code." 

Every transfer made on Asaas, except for White Label accounts, needs to be approved via SMS token or APP token. However, if you need a more automated way to make transfers, it's possible to replace the token with other security functionalities.

You can set fixed IPs in Asaas so that only these IPs can use our API. A call from any other IP receives an error stating that it is not considered secure. With this in place, the authentication token can be safely removed.

Another option is to configure an authentication webhook, as described in this documentation.

You can ask your account manager to disable critical authorization in production, or contact support to disable it in Sandbox.

My system is not updating Asaas charges. What could be the reason?

Your Webhook queue has probably been interrupted. This happens when there is a communication failure between your application and Asaas.

Check the paused queue documentation for more details.

My API key is not working

Make sure you are using the correct key in the correct environment. Our API documentation redirects all calls to Sandbox, so add a Sandbox key for testing.

Check the docs for Authentication for more details.

Does Asaas have White Label?

Yes. You can use all the functionalities of Asaas in a subaccount organization, using the API as a Bank as a Service engine.

To activate White Label in Sandbox, you need to contact technical support, and in production, align with your account manager.

Learn more about White Label.

How can I disable Asaas notifications for my clients?

Notifications are configured for each client. You have two options:

  • Create a client and send the notificationDisabled field as true, so that they never receive any notifications by default; or
  • Enable or disable only some notifications with a customized notification setting. Check our notifications guide.

What does the 403 error with a Cloudfront message mean?

403 errors in GET calls indicate that you are sending a body with the request. You should not send any information in the body of GET calls.
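
The following is an added example, not code from Asaas: a small client-side helper that keeps GET parameters out of the request body and sorts a failed call into the two error cases this FAQ describes (the CloudFront 403 and the critical authorization error). The function names, the example.invalid URL used in testing, the sample responses, and the "errors" envelope around the error object are assumptions.

```python
import json
from urllib.parse import urlencode

# Constructed sample responses; the "errors" envelope is an assumption.
SAMPLE_CLOUDFRONT_403 = "<html><h1>403 ERROR</h1>Generated by cloudfront (CloudFront)</html>"
SAMPLE_CRITICAL_AUTH = json.dumps({"errors": [{
    "code": "invalid_action",
    "description": "Your account has critical authorization enabled. "
                   "To perform this action, inform the confirmation code."}]})

def build_request(method, url, params=None):
    """Return (url, body); GET parameters go in the query string, never the body."""
    if method.upper() == "GET":
        query = urlencode(params or {})
        return (f"{url}?{query}" if query else url), None
    return url, json.dumps(params or {}).encode()

def _errors(node):
    """Yield (code, description) from every error object, whatever the envelope."""
    if isinstance(node, dict):
        if isinstance(node.get("code"), str):
            yield node["code"], str(node.get("description", ""))
        for value in node.values():
            yield from _errors(value)
    elif isinstance(node, list):
        for value in node:
            yield from _errors(value)

def diagnose(method, sent_body, status, response_text):
    """Map a failed call onto the two error cases this FAQ describes."""
    if status == 403 and "cloudfront" in response_text.lower():
        # The 403 carries a CloudFront message; check whether a GET had a body.
        if method.upper() == "GET" and sent_body:
            return "get_with_body"
        return "cloudfront_403_other"
    try:
        parsed = json.loads(response_text)
    except ValueError:
        return "unknown"
    for code, description in _errors(parsed):
        if code == "invalid_action" and "critical authorization" in description.lower():
            return "critical_authorization"
    return "unknown"
```

Logging the diagnose result next to the request method makes it easy to tell a malformed GET from a call that needs the confirmation code or one of the alternatives described above.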