To access the SynchPay API, you need to obtain an access token by authorizing with your ClientId and ClientSecret, which are provided by SynchPay support. Note: Keep your ClientId and ClientSecret secure and do not expose them in client-side code or public repositories.

Obtaining an Access Token

Token Endpoint

Request Body

The request body should be in JSON format and contain the following fields:
  • ClientId: Your client ID provided by SynchPay support.
  • ClientSecret: Your client secret provided by SynchPay support. You can request a new client secret via this form.
Example: 
{
  "ClientId": "your_client_id",
  "ClientSecret": "your_client_secret"
}

Response

Upon successful authorization, the endpoint returns a JSON object with the following fields:
  • AccessToken: The access token to be used in API requests.
  • TokenType: The type of the token, which is “Bearer”.
  • ExpiresInSeconds: The number of seconds until the token expires (3600 seconds, which is one hour).
Example: 
{
  "AccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "TokenType": "Bearer",
  "ExpiresInSeconds": 3600
}

Using the Access Token

To make authorized requests to the API, include the access token in the Authorization header of your HTTP requests: Authorization: Bearer \<AccessToken> Replace <AccessToken> with the actual access token received from the token endpoint. Example: 
GET /some/protected/endpoint HTTP/1.1
Host: api.synchpay.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Token Expiry

The access token is valid for one hour (3600 seconds). After it expires, you need to obtain a new token by calling the token endpoint again with your credentials.