2. Authentication
This endpoint is used to authenticate a user or application, providing the necessary access tokens for further interactions with the Paylink API.
Endpoint
POST /api/auth
Important Note
Ensure that you use the correct credentials to avoid any issues during the process, depending on whether you are testing or deploying your payment integration. read more
Request Body Parameters
| Fields Name | Type | Description |
|---|---|---|
| apiId | String | Provided by Paylink, based on your environment. read more |
| secretKey | String | Provided by Paylink, based on your environment.. read more |
| persistToken | boolean | When set to true, the returned token will be valid for 30 hours. When set to false, the returned token will be valid for 30 minutes. |
An example of the request is as follows:
{
"apiId":"APP_ID_1123453311",
"secretKey":"0662abb5-13c7-38ab-cd12-236e58f43766",
"persistToken":"false"
}
Important Note
API ID & Secret Key must be stored securely and should never be exposed outside the server-side environment of your system.
Success Response
If the API keys are correct and the authentication request is successful, the response contains the following details:
| Field Name | Type | Description |
|---|---|---|
| id_token | string | The token value. Its validation period is either 30 minutes or 30 hours. |
Example of the response:
{
"id_token": "eyJhbGciOiJIUzUxMiJ9***********"
}
Use of the token
When the merchant's application receives a token, it needs to include this token in the request header when accessing other secured endpoints. The header format is Authorization: Bearer [TOKEN].
Here is an example of the request header for other secured endpoints, including the token:
{
"Authorization": "Bearer [id_token]",
"accept": "application/json",
"content-type": "application/json"
}
Updated 6 months ago