Authentication for the synchronous API uses standard JWT access token bearer mechanism.
POST /v3/auth/login
Request:
{
"email" : "user@integrator.com"
}
Response:
{
"status": "If the email is correct, you should receive a refresh_token shortly."
}
After successful call, you should receive a refresh JWT token on the email specified. If the email does not represent valid used with API access rights no email will be sent, so make sure the email is correct.
The token returned by this call, cannot be used for authentication directly, it can only be used to generate regular access token. The refresh token validity is fixed to 24 hours.
POST /v3/auth/access-token
Headers:
Authorization: Bearer <VALID REFRESH TOKEN>
Request:
{
"expires_after" : 2764800 // lifetime of the token in seconds
}
Response:
{
"access_token": "eyJ0e...8vZVEZa_PI"
}
Creates a new access token, for using the API. The Authorization header must contain valid refresh token.
Webhooks event delivery the messages has the ability to add HMAC signature in the headers, created with a secret key that the integrators can configure themselves. Messages that do not match the signature provided should be considered fraudulent and discarded.
Generated using TypeDoc