💰
XPay API Partner Docs
  • Introduction
  • Quick Start
  • Authentication
  • Tokenization
  • Reference
    • API Reference
      • Credit Card Customer Token
      • Direct Debit Customer Token
      • Braintree Grant Customer Token
      • Braintree Client Token
      • Customer Tokens
Powered by GitBook
On this page
  • Introduction to JWTs
  • Credentials for login
  • Get a JWT token endpoint
  • Get new JWT

Authentication

Authentication with the XPay API takes place using a JWT, which needs to be regularly renewed, in order to satisfy security best practises.

PreviousQuick StartNextTokenization

Last updated 1 year ago

Introduction to JWTs

You can read more about JWTs here .

Credentials for login

You should be provided an API key and password to use with the authentication flow, during your integration journey.

You can then use them in order to generate a string value for the Authorization header, as in the below pseudocode. It generates the credentials to be used, consisting of the base64 encoded string, which should contain the api key, a colon, and the password.

credentials = base64encode(api_key + ':' + password)

Get a JWT token endpoint

Here is an example of a successful request to obtain a new JWT.

Get new JWT

GET https://staging.api.xpay.xcover.com/auth/jwt/token/programmatic-access

Gets a new JWT for programmatic access to the XPay API

Headers

Name
Type
Description

Authorization*

String

Basic {{credentials}}

{
    // Response
}
{
    // Response
}
{
    // Response
}
HTTP 200
{
    "data": {
        "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJodHRwczpcL1wvc3RhZ2luZy5hcGkueHBheS54Y292ZXIuY29tXC9hdXRoXC9qd3RcL3Rva2VuXC9wcm9ncmFtbWF0aWMtYWNjZXNzIiwiaWF0IjoxNjc2NDQ2NTExLCJleHAiOjE2Nzc2NTYxMTEsIm5iZiI6MTY3NjQ0NjUxMSwianRpIjoiODVMaDVsTmpXcmw3VnZERCIsInN1YiI6IjVlNzgyZjFjLTg3ZDAtNGU2Ni05YWRhLWJmNzZiYmI5YzRlYiIsInBydiI6IjIzYmQ1Yzg5NDlmNjAwYWRiMzllNzAxYzQwMDg3MmRiN2E1OTc2ZjciLCJ1c2VyIjp7ImlkIjoiNWU3ODJmMWMtODdkMC00ZTY2LTlhZGEtYmY3NmJiYjljNGViIiwicHJpbWFyeVJvbGUiOiJwYXJ0bmVyIn0sImNvbnRleHQiOm51bGx9.cbUIOuNQja__bk21cwJxymL1qzIv6kkhplWNymYPyRJc269KpMK6dYtpcT-iP8TmR28iJYAxWleWrOQ33lVy2LI-TgUIVcHHtq9MDFY2Q66blZ9xY_ug0RUWtTEIqwp4ygIgAWqv9yqpB8Ke5pzUf3fOHxPalWXVxS7Zz5WfXmJVI3bf9bwzaLAVhKO6AGVO2Qz-6QAxR0uoTsZ45EUBFBxpFACZ2msGIyb_34BrT6hfPTMDHUrpX7jv-BTmyHn3SD5pYCTLw5xPHdOIdXf-lW6hgaP-qyk5-RQYSuC6VXDHrzOMZJqiinJhYti38GdCjPf4YrUC_siXND4RUBwawvTSKCqtvuNCVFHuzltopxIwzEm_XHAVBTR79zxBU1Eqw9z8XMNxC3PhPxBoccwyXw2KmIjL9J1i7JGk0JfhYj0Z8gvWpvIap0Zck14_RxaYWhxRjHqiW7TGYqMQTIftHUBsIiRkyti9fqzqeTR6KxZRPRU4YCu0ox2y7Guh9la0TNHbfu9NkOr-p3TA919jB_UMifOQNdx25mk3r6GZVvPTPveCqkcKVlHLolys5Kv9pDjM7TWd1acyOFjSwqdCk-hFAPJZbcjL0PJ4vA-Et6xgGHDGeh3TIhlVxobMUuFhchVH-ADSrohGhu8GbvDSX5yoB1PHHHs77bmxIgjBKxs",
        "tokenType": "bearer",
        "expiresIn": 20160
    }
}

The JWT to be used is the string in the data.jwt property of the response.

https://jwt.io/