search

Authentication

Authentication with the XPay API takes place using a JWT, which needs to be regularly renewed, in order to satisfy security best practises.

hashtag
Introduction to JWTs

You can read more about JWTs here https://jwt.io/arrow-up-right.

hashtag
Credentials for login

You should be provided an API key and password to use with the authentication flow, during your integration journey.

You can then use them in order to generate a string value for the Authorization header, as in the below pseudocode. It generates the credentials to be used, consisting of the base64 encoded string, which should contain the api key, a colon, and the password.

credentials = base64encode(api_key + ':' + password)

hashtag
Get a JWT token endpoint

Here is an example of a successful request to obtain a new JWT.

hashtag
Get new JWT

GET https://staging.api.xpay.xcover.com/auth/jwt/token/programmatic-access

Gets a new JWT for programmatic access to the XPay API

hashtag
Headers

Name
Type
Description

Authorization*

String

Basic {{credentials}}

{
    // Response
}

The JWT to be used is the string in the data.jwt property of the response.

PreviousQuick StartNextTokenization

Last updated