The Ezypay APIs use bearer tokens for authorization. To get your token for the first time, make a request to our Get Access Token endpoint:
curl -X POST \
https://identity-sandbox.ezypay.com/token \
-H 'Authorization: application/x-www-form-urlencoded' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&username={username}&password={password}&client_id={client_id}&client_secret={client_secret}&scope=integrator%20billing_profile%20create_payment_method%20offline_access'
You can get your username, password, clientId and clientSecret from the Welcome Email that was sent to you when you signed up. To use your tokens, include it in the header of your requests:
-H "Authorization: Bearer {access_token}"
For security reasons, tokens expire in an hour. To refresh a token, call our Refresh Token endpoint:
curl -X POST \
https://identity-sandbox.ezypay.com/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id={clientId}&client_secret={clientSecret}&refresh_token={refreshToken}'
Important Note:
If the
refresh token
option is used, Integrator and merchant must be aware that therefresh token
will be automatically disabled if it was not used for 7 days.A preferred option is to re-create a new
Authentication Token
once theAuthentication Token
has expired after an hour.All requests must be sent over HTTPS
If no token is provided, or an invalid one is provided, an Authentication Error is returned. That error should be in the following format:
{
"type": "authentication_error",
"code": 400,
"message": "400 - {\"error\":\"invalid_grant\",\"error_description\":\"The credentials provided were invalid.\"}"
}