Step 1 - Authentication

Authenticate Merchant & Fetch Token

The POST /token endpoint is used to authenticate API integrators for every Aeropay endpoint. The token scope determines who is acting on the system: merchant, user, or userForMerchant (white labeled user). The scope will determine what endpoints are available.

All tokens have a time to live (TTL) of 30 minutes.

Step 1A - Generate the Token

HTTP request

Sandbox - POST https://staging-api.aeropay.com/token
Production - POST https://api.aeropay.com/token

Request parameters

ParameterRequired?TypeDescription
api_keyYesStringAPI Key or user email
api_secretYesStringAPI Secret or user password
scopeYesStringType of token requested
idOnly for merchant & userForMerchant scopeStringMerchant Id
userIdOnly for userForMerchant scopeStringId of user

HTTP status and error codes

HTTP statusError CodeMeaningResolutionMessage
200AP002API credentials are invalidConfirm correct api key, api secret, and environmentInvalid API key or secret key
200AP700Missing request parameterAdd missing parameterMissing required Parameter: 'userId'

Code Example - Request

curl --request POST \
     --url https://staging-api.aeropay.com/token \
     --header 'Content-Type: application/json' \
     --header 'accept: application/json' \
     --data '
{
  "scope": "merchant",
  "api_key": "api-key-ab1341-asdflk3",
  "api_secret": "api-secret-ab1341-asdflk3",
  "id": "1456"
}
'

Code Example - Response

{
    "TTL": 1800,
    "token": "eyJ0eXAiOiJKN7YiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoIjoiNDgiLCJzdWIiOiJtZXJjaGFudCIsImp0aSI6ImZhNGY2NzRmLTJkOTEtNGExNS05OTk3LTc1NWI2ZTYyZDhkYiIsImV4cCI6MTY5NDAzNTc2MSwidXNlcm5hbWUiOiJ1cy1lYXN0LTE6M2NlMjBiZDUtNzg03ZCRMjY5LWExM2UtZmM1MzIyMTk0NTAxIn0.3B1sdyVNpTW644RtpoGmQnRlp9PKGjrk91YUi0Uq2Os"
}

🚧

Your client_secret should be kept a secret!

Be sure to store your client credentials securely.