Authentication

Getting an Access Token

Endpoint

POST https://api.paysecurez.com/api/token

Request Examples

curl -X POST "https://api.paysecurez.com/api/token" \
  -H "Content-Type: application/json" \
  -d '{"client_id": "your-client-id", "client_secret": "your-secret"}'

const response = await fetch('https://api.paysecurez.com/api/token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    client_id: 'your-client-id',
    client_secret: 'your-secret'
  })
});

const tokenData = await response.json();

import requests

url = "https://api.paysecurez.com/api/token"
payload = {
    "client_id": "your-client-id",
    "client_secret": "your-secret"
}

response = requests.post(url, json=payload)
token_data = response.json()

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.paysecurez.com/api/token"))
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(
        "{\"client_id\":\"your-client-id\",\"client_secret\":\"your-secret\"}"
    ))
    .build();

HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());
String tokenData = response.body();

payload := map[string]string{
    "client_id":     "your-client-id",
    "client_secret": "your-secret",
}

jsonData, err := json.Marshal(payload)
if err != nil {
    return nil, err
}

req, err := http.NewRequest("POST", 
    "https://api.paysecurez.com/api/token",
    bytes.NewBuffer(jsonData))
if err != nil {
    return nil, err
}

req.Header.Set("Content-Type", "application/json")

client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
    return nil, err
}
defer resp.Body.Close()

var tokenData map[string]interface{}
json.NewDecoder(resp.Body).Decode(&tokenData)

require 'net/http'
require 'json'

uri = URI('https://api.paysecurez.com/api/token')
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request.body = {
  client_id: 'your-client-id',
  client_secret: 'your-secret'
}.to_json

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
  http.request(request)
end

token_data = JSON.parse(response.body)

using System.Net.Http;
using System.Text.Json;

var client = new HttpClient();
var payload = new {
    client_id = "your-client-id",
    client_secret = "your-secret"
};

var response = await client.PostAsync(
    "https://api.paysecurez.com/api/token",
    new StringContent(
        JsonSerializer.Serialize(payload),
        Encoding.UTF8,
        "application/json"
    )
);

var tokenData = await JsonSerializer.Deserialize<TokenResponse>(
    await response.Content.ReadAsStringAsync()
);

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 1800,
  "token_type": "Bearer"
}

Using the Token

Include the token in all API requests using the Authorization header:

cURL
Python
JavaScript
C#
Java

curl "https://api.paysecurez.com/some-endpoint" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

headers = {
    "Authorization": f"Bearer {token_data['access_token']}"
}
response = requests.get("https://api.paysecurez.com/some-endpoint", headers=headers)

const headers = {
    'Authorization': `Bearer ${tokenData.access_token}`
};
const response = await fetch('https://api.paysecurez.com/some-endpoint', { headers });

client.DefaultRequestHeaders.Authorization = 
    new AuthenticationHeaderValue("Bearer", tokenData.AccessToken);
var response = await client.GetAsync("https://api.paysecurez.com/some-endpoint");

HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.paysecurez.com/some-endpoint"))
    .header("Authorization", "Bearer " + accessToken)
    .GET()
    .build();

HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());

warning

Tokens expire after 30 minutes. If a token expires, the API will return a 401 Unauthorized response. Request a new token when needed.

Security Recommendation

For optimal security, we recommend requesting a new token for each transaction. This minimizes the risk of token exposure and ensures your integration follows security best practices.

Token Expiration Response

When a token expires or is invalid, the API returns:

{
  "statusCode": 401,
  "message": "Unauthorized",
  "error": "Invalid or expired token"
}

Security Best Practices

Request a new token for each transaction (recommended)
Keep your client credentials secure
Rotate client secrets periodically
Use HTTPS for all API calls
Don't share tokens between applications
Implement proper token storage
Handle 401 responses by requesting a new token

Getting an Access Token​

Endpoint​

Request Examples​

Response​

Using the Token​

Token Expiration Response​

Security Best Practices​