The Ezypay APIs use bearer tokens for authorization. To get your token for the first time, make a request to our Get Access Token endpoint:

curl -X POST \ \
  -H 'Authorization: application/x-www-form-urlencoded' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&username={username}&password={password}&client_id={client_id}&client_secret={client_secret}&scope=integrator%20billing_profile%20create_payment_method%20offline_access'

You can get your username, password, clientId and clientSecret from the Welcome Email that was sent to you when you signed up. To use your tokens, include it in the header of your requests:

-H "Authorization: Bearer {access_token}"

For security reasons, tokens expire in an hour. To refresh a token, call our Refresh Token endpoint:

curl -X POST \ \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id={clientId}&client_secret={clientSecret}&refresh_token={refreshToken}'


Important Note:

If the refresh token option is used, Integrator and merchant must be aware that the refresh token will be automatically disabled if it was not used for 7 days.

A preferred option is to re-create a new Authentication Token once the Authentication Token has expired after an hour.

All requests must be sent over HTTPS

If no token is provided, or an invalid one is provided, an Authentication Error is returned. That error should be in the following format:

    "type": "authentication_error",
    "code": 400,
    "message": "400 - {\"error\":\"invalid_grant\",\"error_description\":\"The credentials provided were invalid.\"}"