POST /authentication/getToken

Request

Authentication is performed by performing a POST to /authentication/getToken with the following body:

{
    "key": "string",
    "secret": "string"
}

Field	Mandatory	Description
key	Yes	The key can be generated from within your PAY portal under the API tab, the credentials of which will be supplied by our team. See API keys.
secret	Yes	The secret can also be generated as above.

The key/secret will be different between the Test and Production environments.

Sample Request

{
    "key": "00000000-0000-0000-0000-000000000000",
    "secret": "supersecretpassword"
}

Response

If successfully authenticated, the operation will return a token. This token is to be used in subsequent requests to other operations by supplying an Authorization header with the value bearer [token].

{
  "success": true,
  "token": "string",
  "expiresAt": "2022-09-24T13:31:00.557Z"
}

Field	Response Type	Description
success	boolean	Whether authentication was successful or not.
token	string	If success is true, this is the Bearer token to be used for subsequent calls to the API.
expiresAt	string($date-time)	If success is true, this is the date and time that the token will expire. Tokens expire every 15 minutes and must be refreshed. See Token Expiry and Refresh for more information.

Sample Response (Success)

{
  "success": true,
  "token": "eyJhbGciOiJIzI1NiIsInR5cCI6IkXVCJ9.eyJpZC…",
  "expiresAt": "2022-09-24T13:31:00.557Z"
}

Sample Response (Failed)

{
  "success": false
}

Token Expiry and Refresh

Tokens expire after 15 minutes. Field expiresAt in the response model can be used to track token expiry.

Call the authentication/getToken operation again to re-authenticate and receive a new token.