Guides

Authentication

Secure and easy authorization using JWT token or API key.

Suggest Edits

Generate JWT token

At the beginning of your work with us, you was assigned an email, password and merchant ID that you need to use to authenticate and generate a JWT token.

🚧

Do you not have an email, password and merchant ID for your account?

Please contact our support team!

To generate a JWT token, you need to use the endpoint described below:

Method name:/v2/auth/login
Request type:POST

Exemplary request

const email = "YOUR_EMAIL"; // put here your email
const password = "YOUR_PASSWORD"; // put here your password
const merchantId = "YOUR_MERCHANT_ID"; // put here your merchant_id

const url = BASE_URL;
const path = "/v2/auth/login";

const body = {
  token: email,
  password: password,
};

const options = {
  method: "POST",
  headers: {
    accept: "application/json",
    "Content-Type": "application/json",
    merchant_id: merchantId
  },
  body: JSON.stringify(body),
};

fetch(url + path, options)
  .then((response) => response.json())
  .then((showResponse) => console.log(showResponse.data));

import requests

email = "YOUR_EMAIL"; # put here your username
password = "YOUR_PASSWORD"; # put here your password
merchantId = "YOUR_MERCHANT_ID"; # put here you merchant_id

url = BASE_URL
path = "/v2/auth/login"
headers = {
    "accept": "application/json",
    "Content-Type": "application/json",
    "merchant_id": merchantId
}
body = {
   "token": email,
   "password": password,
}

request = requests.post(url + path, headers=headers, json=body)
print(request.json())

How to call private endpoints here

Swagger here

Response

{
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc4YTEyNjQ0LWExMjMtNGMyYi04ZTJmLTIyNWY1NGUyMGI4NCIsImVtYWlsIjoib3duZXJAYWRtaW4uY29tIiwicm9sZSI6Ik93bmVyIiwidXNlcm5hbWUiOiJTRUVEX0lOU1RJVFVUSU9OX09XTkVSX1BST0ZJTEUiLCJ0IjoidSIsIm1lcmNoYW50SWQiOiJiMzQ1NTViNy1kY2E0LTVlYzEtYWRlMy02NGEzYWQ1NDUzMTAiLCJpbnN0aXR1dGlvbiI6eyJpZCI6ImEyNjliYjI1LTk4OTgtNDJiNy1hYTkyLWMwZTdjMWE4ZjQ5MyIsInRpdGxlIjoiQ29vbCBDb21wYW55IiwiZ3JvdXBzIjpbeyJpZCI6ImJhbmsyX2V4Y2hhbmdlIiwidHlwZSI6IkV4Y2hhbmdlIn0seyJpZCI6ImJhbmsyX2RlcG9zaXQiLCJ0eXBlIjoiRGVwb3NpdCJ9LHsiaWQiOiJiYW5rMl90cmFuc2ZlciIsInR5cGUiOiJUcmFuc2ZlciJ9LHsiaWQiOiJiYW5rMl93aXRoZHJhdyIsInR5cGUiOiJXaXRoZHJhdyJ9XX0sImZpbmdlcnByaW50IjoiZDdiNjA4ZWU2MzA0OTFmMDExOTA4ZWY5M2Y1OGQxNDYiLCJqd3RJZCI6ImExNmRkMDQ5LTA4YjgtNDU5Ny04ZGFhLTMyN2ZkNzVkNWNlOSIsImlhdCI6MTcwNzIzOTcxNSwiZXhwIjoxNzA3MjQxNTE1fQ.Dupd5VERjXgxAw7KV0gBYAU60kVY0tEWqAARNvJVcNLznIPwZyx2OaO1N2mk3rR7F5YBljIJikR5PPTfZh9YvKIgrhbvq2MUvrtlRBc-Qhnk2VjsFwkckTthxizR-f608iwL1DuyFrj5kh_rMvJQsp6WKQC2xkFnq77ZflLFv6wCuhBwgrMFjRFBHZiAs2xe2s7cJzUMt0uRHOzCxnA0PxjSV9e3Fu1Oge6AB_Wv3mCxYVALUVnkVrny9DiixTnOJy6us_4xC3y5_MT5XpEM2psRUIMb4n5FwgFNH4ykxK5v-QPGUOQd3cKl6q7F38uf7AAZlbrcjyRvK9GjIEC-dA", // JWT token
    "expiresIn": 1707241515, // JWT token lifetime
    "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc4YTEyNjQ0LWExMjMtNGMyYi04ZTJmLTIyNWY1NGUyMGI4NCIsImZpbmdlcnByaW50IjoiZDdiNjA4ZWU2MzA0OTFmMDExOTA4ZWY5M2Y1OGQxNDYiLCJzZXNzaW9uQ3JlYXRlZEF0IjoxNzA3MjM5NzE1MjEwLCJpYXQiOjE3MDcyMzk3MTUsImV4cCI6MTcwNzQxMjUxNX0.asihxWFNtEEk2TcJRLO5OhLRnHU4IHpFyOkAtKnsS0PkBUM4p_jFX_PSLu9oSBQxYi9zu3vMOFdKHbIT9BEPKdXoIiKF0Pr6KS6IztgU0fP1L8qdgWo0SmTS-CVosa8Wi5jI1QdE-xt2VJq76IFRqcselIyB5kHzH6k4IXjq0KeZQE5uNX842p5rHytK08UsAw9wSXUCFMaKV3nSrswYp_tcBFk0yYvDCaNfqOOEB8_CWb5mQq4zAiX7dm_83fWHfOUjjJlJbrO8KVv-WpM-5gwOx8jBNJmPth-OWNaWxFUaWhMBkXuZAXPsEiYer-link-SjTvC-ifR6B33Ub3Rjw" // Refresh token
  }
}

Now you can call any endpoints. To do this, you need to pass accessToken with "Bearer" appended to the headers:

headers: {
    accept: "application/json",
    "content-type": "application/json",
    "Authorization": `Bearer ${data.accessToken}`
}

The JWT token is valid for 30 minutes. If the JWT token is expired, you get the error:

{
  "errors": [
    {
      "code": "UNAUTHORIZED",
      "message": {
        "name": "TokenExpiredError",
        "message": "jwt expired",
        "expiredAt": "2024-02-09T19:23:17.000Z"
      }
    }
  ]
}

Refresh JWT token

To get a new JWT token, you don't need to log in again, you can get a new one via the Refresh token which you get along with the first JWT token using /v2/auth/login.

Method name:/v2/auth/refresh
Request type:POST

Exemplary request

const merchantId = "YOUR_MERCHANT_ID"; // put here your merchant_id

const url = BASE_URL;
const path = "/v2/auth/refresh";

const body = {
  "refreshToken": data.refreshToken
};

const options = {
  method: "POST",
  headers: {
    accept: "application/json",
    "Content-Type": "application/json",
    merchant_id: merchantId
  },
  body: JSON.stringify(body),
};

fetch(url + path, options)
  .then((response) => response.json())
  .then((showResponse) => console.log(showResponse.data));

import requests

merchantId = "YOUR_MERCHANT_ID"; # put here you merchant_id

url = BASE_URL
path = "/v2/auth/refresh"
headers = {
    "accept": "application/json",
    "Content-Type": "application/json",
    "merchant_id": merchantId
}
body = {
  "refreshToken": data.refreshToken
}

request = requests.post(url + path, headers=headers, json=body)
print(request.json())

How to call private endpoints here

Swagger here

Response

{
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc4YTEyNjQ0LWExMjMtNGMyYi04ZTJmLTIyNWY1NGUyMGI4NCIsImVtYWlsIjoib3duZXJAYWRtaW4uY29tIiwicm9sZSI6Ik93bmVyIiwidXNlcm5hbWUiOiJTRUVEX0lOU1RJVFVUSU9OX09XTkVSX1BST0ZJTEUiLCJ0IjoidSIsIm1lcmNoYW50SWQiOiJiMzQ1NTViNy1kY2E0LTVlYzEtYWRlMy02NGEzYWQ1NDUzMTAiLCJpbnN0aXR1dGlvbiI6eyJpZCI6ImEyNjliYjI1LTk4OTgtNDJiNy1hYTkyLWMwZTdjMWE4ZjQ5MyIsInRpdGxlIjoiQ29vbCBDb21wYW55IiwiZ3JvdXBzIjpbeyJpZCI6ImJhbmsyX2V4Y2hhbmdlIiwidHlwZSI6IkV4Y2hhbmdlIn0seyJpZCI6ImJhbmsyX2RlcG9zaXQiLCJ0eXBlIjoiRGVwb3NpdCJ9LHsiaWQiOiJiYW5rMl90cmFuc2ZlciIsInR5cGUiOiJUcmFuc2ZlciJ9LHsiaWQiOiJiYW5rMl93aXRoZHJhdyIsInR5cGUiOiJXaXRoZHJhdyJ9XX0sImZpbmdlcnByaW50IjoiZDdiNjA4ZWU2MzA0OTFmMDExOTA4ZWY5M2Y1OGQxNDYiLCJqd3RJZCI6ImExNmRkMDQ5LTA4YjgtNDU5Ny04ZGFhLTMyN2ZkNzVkNWNlOSIsImlhdCI6MTcwNzIzOTcxNSwiZXhwIjoxNzA3MjQxNTE1fQ.Dupd5VERjXgxAw7KV0gBYAU60kVY0tEWqAARNvJVcNLznIPwZyx2OaO1N2mk3rR7F5YBljIJikR5PPTfZh9YvKIgrhbvq2MUvrtlRBc-Qhnk2VjsFwkckTthxizR-f608iwL1DuyFrj5kh_rMvJQsp6WKQC2xkFnq77ZflLFv6wCuhBwgrMFjRFBHZiAs2xe2s7cJzUMt0uRHOzCxnA0PxjSV9e3Fu1Oge6AB_Wv3mCxYVALUVnkVrny9DiixTnOJy6us_4xC3y5_MT5XpEM2psRUIMb4n5FwgFNH4ykxK5v-QPGUOQd3cKl6q7F38uf7AAZlbrcjyRvK9GjIEC-dA", // JWT token
    "expiresIn": 1707241515, // JWT token lifetime
    "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc4YTEyNjQ0LWExMjMtNGMyYi04ZTJmLTIyNWY1NGUyMGI4NCIsImZpbmdlcnByaW50IjoiZDdiNjA4ZWU2MzA0OTFmMDExOTA4ZWY5M2Y1OGQxNDYiLCJzZXNzaW9uQ3JlYXRlZEF0IjoxNzA3MjM5NzE1MjEwLCJpYXQiOjE3MDcyMzk3MTUsImV4cCI6MTcwNzQxMjUxNX0.asihxWFNtEEk2TcJRLO5OhLRnHU4IHpFyOkAtKnsS0PkBUM4p_jFX_PSLu9oSBQxYi9zu3vMOFdKHbIT9BEPKdXoIiKF0Pr6KS6IztgU0fP1L8qdgWo0SmTS-CVosa8Wi5jI1QdE-xt2VJq76IFRqcselIyB5kHzH6k4IXjq0KeZQE5uNX842p5rHytK08UsAw9wSXUCFMaKV3nSrswYp_tcBFk0yYvDCaNfqOOEB8_CWb5mQq4zAiX7dm_83fWHfOUjjJlJbrO8KVv-WpM-5gwOx8jBNJmPth-OWNaWxFUaWhMBkXuZAXPsEiYer-link-SjTvC-ifR6B33Ub3Rjw" // Refresh token
  }
}

The Refresh token lives for 2 days. If the Refresh token has expired, you will get this error:

{
  "errors": [
    {
      "code": "REFRESH_TOKEN_EXPIRED",
      "message": "Invalid token"
    }
  ]
}

Authentication via API key

Instead of a JWT token, you can use a persistent API key.

🚧

Do you not have an API key?

Please contact our support team!

With an API key you don't need to use endpoints for authentication, you just need to enter your API key in headers and call an endpoint.

Example

Let's create a new account for your new user using endpoint /v2/customer/create and API key:

const url = BASE_URL;
const path = "/v2/customer/create";

const body = {
  email: "[email protected]",
  phoneNumber: "+380991234567",
  firstName: "Alex",
  lastName: "Smith",
  comment: "Alex is a special client. Hi is a refferal of Denis.",
  externalId: "12124d80-dd80-4c70-aa9c-c2aa014cc29e",
  referralId: "1f44b1c7-9fd4-4d20-b9a4-7aca3646d0d5",
  country: "FR",
  verificationDocumentId: "FV633452",
  residenceAddress: "Champ de Mars, 5 Av. Anatole France, 75007 Paris, France",
  itn: "633-123-92-12",
};

const options = {
  method: "POST",
  headers: {
    accept: "application/json",
    "Content-Type": "application/json",
    "Api-key": "YOUR_API_KEY"
  },
  body: JSON.stringify(body),
};

fetch(url + path, options)
  .then((response) => response.json())
  .then((showResponse) => console.log(showResponse.data));

import requests

url = BASE_URL
path = "/v2/customer/create"
headers = {
    "accept": "application/json",
    "Content-Type": "application/json",
    "Api-key": "YOUR_API_KEY"
}
body = {
    "email": "[email protected]",
    "phoneNumber": "+380991234567",
    "firstName": "Alex",
    "lastName": "Smith",
    "comment": "Alex is a special client. Hi is a refferal of Denis.",
    "externalId": "12124d80-dd80-4c70-aa9c-c2aa014cc29e",
    "referralId": "1f44b1c7-9fd4-4d20-b9a4-7aca3646d0d5",
    "country": "FR",
    "verificationDocumentId": "FV633452",
    "residenceAddress": "Champ de Mars, 5 Av. Anatole France, 75007 Paris, France",
    "itn": "633-123-92-12"
}

request = requests.post(url + path, headers=headers, json=body)
print(request.json())

Updated 6 months ago