Authorization

To access the SynchPay API, you need to obtain an access token by authorizing with your ClientId and ClientSecret, which are provided by SynchPay support.

Note: Keep your ClientId and ClientSecret secure and do not expose them in client-side code or public repositories.

​

Obtaining an Access Token

​

Token Endpoint

• URL: https://api.synchpay.com/auth/token

• Method: POST

​

Request Body

The request body should be in JSON format and contain the following fields:

• ClientId: Your client ID provided by SynchPay support.

• ClientSecret: Your client secret provided by SynchPay support. You can request a new client secret via this form.

Example:

{
  "ClientId": "your_client_id",
  "ClientSecret": "your_client_secret"
}

​

Response

Upon successful authorization, the endpoint returns a JSON object with the following fields:

• AccessToken: The access token to be used in API requests.

• TokenType: The type of the token, which is “Bearer”.

• ExpiresInSeconds: The number of seconds until the token expires (3600 seconds, which is one hour).

Example:

{
  "AccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "TokenType": "Bearer",
  "ExpiresInSeconds": 3600
}

​

Using the Access Token

To make authorized requests to the API, include the access token in the Authorization header of your HTTP requests:

Authorization: Bearer \<AccessToken>

Replace <AccessToken> with the actual access token received from the token endpoint.

Example:

GET /some/protected/endpoint HTTP/1.1
Host: api.synchpay.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

​

Token Expiry

The access token is valid for one hour (3600 seconds). After it expires, you need to obtain a new token by calling the token endpoint again with your credentials.