search

Authentication

We support four kinds of authentication:

  • API key

  • Bearer token (no refresh token)

  • Basic flow

  • OAuth

Merchants enter their authentication key when they first activate your integration.

arrow-up-right

hashtag
API key

You can have the merchant’s API key as a header or a query parameter. You can configure the field name, and add multiple headers if you need them.

arrow-up-right

If you need merchants to enter an additional authentication parameter like their username and password, you can add those by creating settingsarrow-up-right and using the variable as the value.

arrow-up-right

hashtag
Bearer token

We will automatically attach an Authorization header to your requests. We will add the merchant’s key after “Bearer”. We can only support bearer tokens that don’t expire, and we don’t support refresh tokens yet.

hashtag
Basic flow

We will automatically attach an Authorization header to your requests. We will add the merchant’s key after “Basic”.

hashtag
OAuth

When OAuth is selected, you need to specify the Authentication end point, the grant type and the scope that your API expects to receive.

arrow-up-right

When OAuth is configured, customers will be asked to enter their Client ID and Client Secret to activate the integration.

arrow-up-right

PreviousGeneral endpointsNextCreating settings

Last updated