Authentication

This page describes the API endpoint that Partners can use to retrieve access tokens required for server-side integration.

Request access token

POST /api/oauth/token

This API endpoint allows partners to obtain access tokens required for making subsequent API calls to interact with our system. Partners are provided with a unique Client ID and Client Secret, which are used to authenticate and authorize requests.

Headers

Name
Value

Accept

application/json

Content-Type

application/json

Body

Name
Type
Description

grant_type

string

The authentication method of validation credentials

client_id

string

The unique Client ID provided to the partner

client_secret

string

The Client Secret associated with the Client ID

{
    "grant_type": "client_credentials",
    "client_id": "{client_id}",
    "client_secret":"{client_secret}"
}

Response

{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI5YjFlODJhNy0wYTU5LTRlN2UtYWRkNS1iOWZmYTM3YWFkZTEiLCJqdGkiOiI4MTc1NWE2YTdkYWYwMzgyZjBmMjcyM2EyY2M5NTFmODMwZjUzM2FmYjQ2Yjc1ZDliOWE0Y2VhN2QyMTVlZTk5MjZhOTMyNTk1NjdjYmY3OCIsImlhdCI6MTcxMDIyMDAzMS41ODMxMTIsIm5iZiI6MTcxMDIyMDAzMS41ODMxMTQsImV4cCI6MTcxMDIyMzYzMS41Nzc0NzgsInN1YiI6IiIsInNjb3BlcyI6WyJib29raW5nczpjcmVhdGUiLCJib29raW5nczpkZWxldGUiXSwidXNlcl9pZCI6Ijg0MjkwMmRiLTU0ZTUtNDYxNC1iMzQ4LTAwMmU4Y2U1ZGExMiIsInBhcnRuZXJfaWQiOiJmMzExMjBlZS1iNWNiLTQxYzQtOTUyOS0yODhkMDJlOTFjZDYiLCJpc190ZXN0IjpmYWxzZX0.Lk-68XAooy_B7hKuJwlNciIIlYjcL550iBVVUk6MW6dS36BCwCRJlSU7HuRjhTL1RSE0U4G3uM4bY4gdK0vdQESY2GuXUi8VkjpfV9WOUuwNBw8-PT5TXLFtAHGkWBoYNRTDJKw0KVcvplbLFONeGh5H-xfhHpSbxTPlpGhpHqv5K7QLIaQzSX5L6JGXreDhyS47d9PGmOnaEuRCJTVM-UCZ9lydv7iKmZX2_2osfNUGnb8NVGhchLY_S1dGWRnwQFng0_MlAHgriylzbAWXgXz9fQmAcnlfTKnMuVXrBU0Cm7WwOZDlMXr44cYAOSO1ed_Evq6DEqj_ebDXZhm0j_QXFrcbogxZiPttBiefalUHXqs_ZtGIDlvCz7C4ukDAf2_UMbLXOwuUMwFIfPzhge1cZ-5O6yQRl6CUJJqwHXBD_gt8IlBQnRECNfG5QQDjIxBh0S7WjCVRDjulrZ4t7WHLEIudeF64_StI0wZf6PNaNl62chFaVI7NNiGIY6vRxfLI-7ifzWjDcFY7d_883_CtSCd6srKW1bBIIHfLCQI5xijfZu3TCZLqDINWBoQAHQrxmMpp0-IJEL1y5cuzIjv01g1KxBRrvuOt_LYVW95IeuLSVB97T6t06bzj9M4a5GFusWlMO_CuBZ_O7TqjiFir9BnKe42wVmAHyVlpVRg"
}

Authorization Header

Partners must include the received access token in the Authorization header for subsequent API requests as proof of identity.

Example

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI5YjFlODJhNy0wYTU5LTRlN2UtYWRkNS1iOWZmYTM3YWFkZTEiLCJqdGkiOiI4MTc1NWE2YTdkYWYwMzgyZjBmMjcyM2EyY2M5NTFmODMwZjUzM2FmYjQ2Yjc1ZDliOWE0Y2VhN2QyMTVlZTk5MjZhOTMyNTk1NjdjYmY3OCIsImlhdCI6MTcxMDIyMDAzMS41ODMxMTIsIm5iZiI6MTcxMDIyMDAzMS41ODMxMTQsImV4cCI6MTcxMDIyMzYzMS41Nzc0NzgsInN1YiI6IiIsInNjb3BlcyI6WyJib29raW5nczpjcmVhdGUiLCJib29raW5nczpkZWxldGUiXSwidXNlcl9pZCI6Ijg0MjkwMmRiLTU0ZTUtNDYxNC1iMzQ4LTAwMmU4Y2U1ZGExMiIsInBhcnRuZXJfaWQiOiJmMzExMjBlZS1iNWNiLTQxYzQtOTUyOS0yODhkMDJlOTFjZDYiLCJpc190ZXN0IjpmYWxzZX0.Lk-68XAooy_B7hKuJwlNciIIlYjcL550iBVVUk6MW6dS36BCwCRJlSU7HuRjhTL1RSE0U4G3uM4bY4gdK0vdQESY2GuXUi8VkjpfV9WOUuwNBw8-PT5TXLFtAHGkWBoYNRTDJKw0KVcvplbLFONeGh5H-xfhHpSbxTPlpGhpHqv5K7QLIaQzSX5L6JGXreDhyS47d9PGmOnaEuRCJTVM-UCZ9lydv7iKmZX2_2osfNUGnb8NVGhchLY_S1dGWRnwQFng0_MlAHgriylzbAWXgXz9fQmAcnlfTKnMuVXrBU0Cm7WwOZDlMXr44cYAOSO1ed_Evq6DEqj_ebDXZhm0j_QXFrcbogxZiPttBiefalUHXqs_ZtGIDlvCz7C4ukDAf2_UMbLXOwuUMwFIfPzhge1cZ-5O6yQRl6CUJJqwHXBD_gt8IlBQnRECNfG5QQDjIxBh0S7WjCVRDjulrZ4t7WHLEIudeF64_StI0wZf6PNaNl62chFaVI7NNiGIY6vRxfLI-7ifzWjDcFY7d_883_CtSCd6srKW1bBIIHfLCQI5xijfZu3TCZLqDINWBoQAHQrxmMpp0-IJEL1y5cuzIjv01g1KxBRrvuOt_LYVW95IeuLSVB97T6t06bzj9M4a5GFusWlMO_CuBZ_O7TqjiFir9BnKe42wVmAHyVlpVRg

Security

  • Partners should keep their Client ID and secret secure and not expose them publicly.

  • Access tokens should be treated as sensitive information and securely transmitted over HTTPS.

  • Access tokens have a limited validity period and cannot be refreshed. Partners should request a new access token as needed to maintain access to the system.

Last updated