Access Token

All request must have an Access token. Access tokens are used to make API requests on behalf of your merchant account. It is used for Authorization.

Access tokens must be kept confidential in transit and in storage. The only parties that should ever see the access token are Kitegateway APIs and your servers. Your application should ensure the storage of the access token is not accessible to other applications

How to get an access token

You have to use your merchant api_key and api_secret in order to get an access token by making a request as below

Live

POST  https://kitegateway.com/v1/auth/token

Sandbox

POST  https://sandbox.kitegateway.com/v1/auth/token

Request Headers

Header

Value

Required

Content-Type

application/json

YES

Accept

application/json

YES

Secret-Key

YOUR_SECRET

YES

{ 
    "api_key": "2882jj2hh288282jj2", // Obtain from your merchant profile" 
    "expires_in": 300
}

{
  "code": 200,
  "status": "success",
  "message": "Token generated",
  "data": {
    "token": "JWT eyJ0eXAiOiBBV1QzI1NiJ9.eTAW0InJvbGUi2YifQ.f6FPyTxzchGD7ed55Rw7ruqe6P_Go",
    "expires": 1622197906
  }
}

Header: Authorization

All Requests to whatever Kitegateway end point must contain an authorization header that contains the token generated. This provides another layer of security. To even strengthen the security further, this token should be as short lived as much as possible based on the specified scenario.

e.g"Authorization: JWT eyJ0ejjsjjdjjjjsjjs.eTThhhshhshhhs.88asd998sads..."

PreviousCard Test Numbers NextSteps

Last updated 3 months ago