The third step is to authenticate the API.


Authorization is handled by permissions granted to a user.

  • The User Identifier and User Secret (generated during onboarding through the Merchant Portal) is used to authenticate the API request.

  • This API uses JWT Bearer authentication. You must send a POST request to the authentication endpoint to retrieve the token.

  • When successful, a JWT access token is provided in the response.

  • Additional requests to access the various resources require the Authorization: Bearer token header.

Secure transport

API requests must be secured using HTTPS transport. Requests made using HTTP will be rejected.

Customer whitelisting is not required.

Content type

Request and response data is formatted in JSON. Specify json in the Accept and Content-Type in the HTTP header.

Content-Type: application/json