Authentication and authorization
When you use the API to request payments, logins, and other services, we must be sure of your identity and access rights.
Your API keys provide proof of your identity. This is why it's so important to keep these secret.
Supply the API keys in an authentication request through the Access token API, and we will return a token that represents your identity.
When you run further API requests, attach the token so that we get your identity and can confirm that you have permission to run the request.
For example, if you request to initiate a payment for a sales unit (merchant sales number), we will use your access token to identify who you are, and evaluate if you're allowed to initiate payments for the specified sales unit.
The Access token API provides two authentication methods. Please see the following sections for more details:
-
Standard authentication (for everything except the special cases).
-
Partner specialized authentication (for partners with limited, specialized use).