2. Authentication

This endpoint is used to authenticate a user or application, providing the necessary access tokens for further interactions with the Paylink API.


POST /api/auth


Important Note

Ensure that you use the correct credentials to avoid any issues during the process, depending on whether you are testing or deploying your payment integration. read more

Request Body Parameters

Fields NameTypeDescription
apiIdStringProvided by Paylink, based on your environment. read more
secretKeyStringProvided by Paylink, based on your environment.. read more
persistTokenbooleanWhen set to true, the returned token will be valid for 30 hours.
When set to false, the returned token will be valid for 30 minutes.

An example of the request is as follows:



Important Note

API ID & Secret Key must be stored securely and should never be exposed outside the server-side environment of your system.

Success Response

If the API keys are correct and the authentication request is successful, the response contains the following details:

Field NameTypeDescription
id_tokenstringThe token value. Its validation period is either 30 minutes or 30 hours.

Example of the response:

  "id_token": "eyJhbGciOiJIUzUxMiJ9***********"

Use of the token

When the merchant's application receives a token, it needs to include this token in the request header when accessing other secured endpoints. The header format is Authorization: Bearer [TOKEN].

Here is an example of the request header for other secured endpoints, including the token:

  "Authorization": "Bearer [id_token]",
  "accept": "application/json",
  "content-type": "application/json"