Step 1 - Authentication
Authenticate Merchant & Fetch Token
The POST /v2/token endpoint is used to authenticate API integrators for every Aeropay endpoint. The token scope determines who is acting on the system: merchant, user, or userForMerchant (white labeled user). The scope will determine what endpoints are available.
All tokens have a time to live (TTL) of 30 minutes.
Step 1A - Generate the Token
HTTP request
Sandbox - POST https://api.sandbox-pay.aero.inc/v2/token
Production - POST https://api.aeropay.com/v2/token
Request parameters
| Parameter | Required? | Type | Description |
|---|---|---|---|
| apiKey | Yes | String | API Key or user email |
| apiSecret | Yes | String | API Secret or user password |
| scope | Yes | String | Type of token requested |
| id | Only for merchant & userForMerchant scope | String | Merchant Id |
| userId | Only for userForMerchant scope | String | Id of user |
HTTP status and error codes
| HTTP status | Error Code | Meaning | Resolution | Message |
|---|---|---|---|---|
| 400 | AP002 | API credentials are invalid | Confirm correct api key, api secret, and environment | Invalid API key or secret key |
| 400 | AP700 | Scope is invalid | User either merchant or userForMerchant scope | Invalid scope |
| 400 | AP700 | Scope is not provided | User either merchant or userForMerchant scope | Missing required Parameter: 'scope' |
| 400 | AP700 | Missing apiSecret | Make sure to define a valid string for apiSecret | Missing required Parameter: 'apiSecret' |
| 400 | AP700 | Missing apiKey | Make sure to define a valid string for apiKey | Missing required Parameter: 'apiKey' |
| 400 | AP700 | Missing userId | Make sure to define a valid userId (for userForMerchant token) | Missing required Parameter: 'userId' |
Code Example - Request
curl --request POST \
--url https://api.sandbox-pay.aero.inc/v2/token \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--data '
{
"apiKey" : "key",
"apiSecret" : "secret",
"scope" : "userFormerchant",
"id" : 1057,
"userId": "27bccca2-d345-4620-9987-3f3854abcd51"
}
'Code Example - Response
{
"TTL": 1800,
"token": "eyJ0eXAiOiJKN7YiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoIjoiNDgiLCJzdWIiOiJtZXJjaGFudCIsImp0aSI6ImZhNGY2NzRmLTJkOTEtNGExNS05OTk3LTc1NWI2ZTYyZDhkYiIsImV4cCI6MTY5NDAzNTc2MSwidXNlcm5hbWUiOiJ1cy1lYXN0LTE6M2NlMjBiZDUtNzg03ZCRMjY5LWExM2UtZmM1MzIyMTk0NTAxIn0.3B1sdyVNpTW644RtpoGmQnRlp9PKGjrk91YUi0Uq2Os"
}Updated about 2 months ago
What’s Next