Authentication

Generate a Bearer token to start making requests to the OpenPayd API.

All requests to the OpenPayd API must be made over HTTPS and will be authenticated over standard HTTP Basic authentication.

Once you have signed up for a Sandbox account, you will be able to generate an API username and password from the Developers section on your Dashboard.

These credentials should be used to generate a Bearer token which is required to authenticate all your API requests. You will have a different set of credentials for Sandbox and Production.

The response to the request for generating a token will also return an accountHolderId. This will be required in the header for most API requests.

Your API credentials and bearer token must be kept secret. Do not put them in your client-side code or checked into your application's code.

The following example shows a request for authentication:

curl --location --request POST 'https://sandbox.openpayd.com/api/oauth/token?grant_type=client_credentials \
--header 'Authorization: Basic base64(username:password)' \
--header 'Content-Type: application/x-www-form-urlencoded'

Response on successful authentication:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5c...",
    "token_type": "bearer",
    "expires_in": 899,
    "scope": "test",
    "accountHolderId": "570de05f-2517-4b5e-aa2c-b8abacf13d00",
    "clientId": "015c8655-c5ad-4c05-9146-d232792acc36",
    "referralId": "e42e06db-f40c-48d0-8d69-4dd194027541",
    "accountHolders": {
        "570de05f-2517-4b5e-aa2c-b9abacf13d00": {
            "accountHolderDisplayName": "Test Business",
            "id": "570de05f-2517-4b5e-aa2c-b9abacf13d00",
            "accountHolderType": "BUSINESS",
            "accountHolderStatus": "ACTIVE",
            "referralId": "e42e06db-f40c-48d0-8d69-4dd19b027541"
        }
    },
    "accountHolderStatus": "ACTIVE",
    "clientTenantId": "b300b9ee-41c2-4ce3-86b6-4678e7fb6fee",
    "authorities": [
        "SIMULATE_WEBHOOK",
        "GET_BALANCE",
        "CREATE_BANK_PAYOUT",
        "CREATE_WEBHOOK",
        "CREATE_TRANSACTION",
        "CREATE_REFUND",
        "GET_WEBHOOK",
        ..."
    ],
    "jti": "2891e435-8920-4466-865f-573e4a929cee",
    "accountHolderType": "BUSINESS"
}

Response on authentication error:

{
    "errorCode": "UNAUTHORIZED",
    "message": "Full authentication is required to access this resource"
}