Request authentication

Learn how to authenticate Payments v3 API calls.

All payments requests (pay-ins, payouts, mandates, and refunds) need to be authenticated before you initiate the request. To authenticate payments, you need:

  • public and private signing keys, which are uploaded to Console and included with your requests respectively.
  • an access token, which can be used to make multiple payments and is valid for an hour.

Learn more

Generate a access_token that you must include as a bearer header to authenticate each of your requests. You need to include the correct scopes to ensure your access token can be used for different types of payment.

All payments requests must be signed with a public and private key. Upload your public key to Console, and learn how to use a library to include your private key with your requests.

If you include an idempotency key with your requests, you can retry payments requests safely while only performing the requested action once.