Authorization

Follow this guide to create a new Ding Connect credential that will allow Nexla to authenticate to and exchange data with your Ding Connect account.

Ding Connect

Prerequisites

To connect Nexla to Ding Connect, you need an active DingConnect distributor account and API credentials. DingConnect supports two authentication methods: OAuth 2.0 (Client Credentials) — the recommended method for all new integrations — and a legacy API Key for backward compatibility with existing integrations.

Register for a DingConnect Account

If you do not already have a DingConnect account, visit dingconnect.com and apply to become a partner. DingConnect serves businesses such as OTT platforms, financial institutions, retailers, and POS providers. Once your application is approved, you will receive access to the DingConnect portal (also known as DingPartner+).

Obtain OAuth 2.0 Credentials (Recommended)

OAuth 2.0 using the client credentials flow is the recommended authentication method for all new DingConnect integrations. This flow is designed for server-to-server API requests and does not require user interaction.

1. Sign in to the DingConnect portal.

2. Navigate to Account Settings, then click the Developer tab. This tab lists all API credentials — both OAuth and API Key — in a table.

3. In the OAuth Credentials section, click the button to generate new OAuth credentials. A Client ID and Client Secret will be created and displayed.

   Important

   Copy your Client Secret immediately and store it securely. It will not be shown again after you leave this page.

4. Optionally, configure IP whitelisting for the credential by clicking Edit under the IP Whitelisting column. Enter a comma-separated list of IP addresses, subnets, or fully qualified domain names that are permitted to use this credential. This restricts API access to your known Nexla infrastructure addresses.

5. The Access Token URL for DingConnect is https://idp.ding.com/connect/token. This is the endpoint where Nexla will exchange your Client ID and Client Secret for a short-lived Bearer token. You do not need to change this value unless DingConnect instructs otherwise.

DingConnect also provides a test environment. If you created your OAuth credentials under a Test Agent in the DingConnect portal, those credentials will operate in test mode and will not execute live transfers or charge your account.

Obtain a Legacy API Key (Optional)

If you are maintaining a legacy integration that already uses an API key, you can retrieve or generate a key from the same Developer tab in Account Settings.

1. Sign in to the DingConnect portal.

2. Navigate to Account Settings > Developer tab.

3. In the API Key Credentials section, generate a new API key if one does not already exist. The key is a static string that is sent as the api_key HTTP header on every API request.

4. Optionally, configure IP whitelisting for the key by clicking Edit under the IP Whitelisting column.

DingConnect recommends using OAuth 2.0 for all new integrations. The API key method is maintained for backward compatibility only. Each Test Agent in DingConnect can have a maximum of two API keys and two OAuth2 credentials.

Create a Ding Connect Credential

• To create a new Ding Connect credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

   Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Authentication Method

DingConnect supports two authentication methods. Select the tab below that corresponds to the method you are configuring.

Ding Connect Authentication Methods

OAuth 2.0 (Recommended)

OAuth 2.0 using the client credentials flow is Ding Connect's recommended authentication method for all new integrations. Nexla will automatically obtain and refresh a short-lived Bearer token from the Ding identity provider using your Client ID and Client Secret — no manual token management is required.

1. Enter your OAuth 2.0 **Client ID** in the **Client ID** field. This is the client identifier issued when you generated OAuth credentials in the DingConnect portal under **Account Settings** > **Developer** tab.
2. Enter your OAuth 2.0 **Client Secret** in the **Client Secret** field. This secret is paired with the Client ID and is used to authenticate token requests to the Ding identity provider. Treat this value as a password and do not share it.
3. Verify that the **Access Token URL** field contains `https://idp.ding.com/connect/token`. This is the DingConnect OAuth token endpoint where Nexla will request Bearer tokens. This value defaults to the correct Ding identity provider URL and should only be changed if DingConnect explicitly instructs you to use a different token endpoint.

API Key (Legacy)

The API Key method is a legacy authentication option maintained for backward compatibility with existing integrations. A static API key is sent as the `api_key` HTTP request header on every API call. For new integrations, use OAuth 2.0 instead.

1. Enter your DingConnect **API Key** in the **API Key** field. This key can be found or generated in the DingConnect portal under **Account Settings** > **Developer** tab, in the **API Key Credentials** section. The key authenticates each request directly and should be kept secure.

Save the Credential

1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.