API Authentication

Your API credentials can be found in the user portal under API in the side menu under Integrations. Your API username and password will be listed here.

To authenticate your API requests an initial call is made to the token endpoint with credentials passed as JSON in the request body.

Open this guide for a step-by-step walkthrough of the authentication API

🦉

Simple Login using Axios / Node.js

Open Recipe

Your username and password should be used in the parameters username and password respectively. The parameter grant_type should be passed as "password".

An example of an API authentication request. Authentication API details

curl -L -X POST '<https://api.payadvantage.com.au/v3/token'>  
 -H 'Content-Type: application/json'  
 -d '{  
       "grant_type": "password",  
       "username": {your_username},  
       "password": {your_password}  
     }'

An example of a successful response

STATUS 200 // Successful
{  
  "access_token": nvawklcbawuilfbuwekalbvuewlauewiLNFWELIFUELNF,  
  "token_type": "bearer",  
  "expires_in": 1800  
}

A successful response will return an access_token that must be included in any subsequent requests as an authorisation header called bearer.

These access tokens have an expiry in seconds as shown in the response. After this time any request to the API using an expired token will return a STATUS 401 unauthorised response, and a new token will need to be requested.

📘
Do not call the authentication API for every request if you still have a valid token. The API is rate limited and you account will be temporarily blocked if this endpoint is called too often.

An unsuccessful response will return a STATUS 4NN with an error code such as "invalid account" and a message to give more context to why the error occurred.

An example of the token storage and usage can be found in our public GitHub repository https://github.com/pay-advantage/sample_js_webhook_app

An example of using access token for API calls

curl -L -X POST '<https://api.payadvantage.com.au/v3/...'>  
 -H 'Authorization: Bearer {access_token}'  
 -H 'Content-Type: application/json'  
 -d '{  
       ...  
     }'

📘Do not call the authentication API for every request if you still have a valid token. The API is rate limited and you account will be temporarily blocked if this endpoint is called too often.

📘
Do not call the authentication API for every request if you still have a valid token. The API is rate limited and you account will be temporarily blocked if this endpoint is called too often.