To access our API, your application must authenticate. We use the OAuth2 client credentials flow.
Don’t have API credentials? If you don’t have a client_id and client_secret yet, you’ll need them to proceed. Please book a meeting to get set up.

Steps

1. Obtain an access token

First, your application needs to request an access token. This token identifies and authorizes your application.

POST /oauth2/token

Request headers:
Content-Type (string, required): Must be application/x-www-form-urlencoded for this endpoint.

Request parameters:
grant_type (string, required): Must be client_credentials.
client_id (string, required): Your unique client ID.
client_secret (string, required): Your client secret.

curl --request POST \
  --url 'https://api.paysway.dev/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET

Response fields:
access_token (string, required): The bearer token to use for authenticating API requests.
token_type (string, required): Always returns “Bearer” for this authentication flow.
expires_in (integer, required): Token lifetime in seconds (e.g., 3600 = 1 hour).

2. Use the token in API calls

Include the obtained access_token in the Authorization header of your API requests:

Authorization (string, required): Bearer token in the format: Bearer YOUR_ACCESS_TOKEN

curl --request POST \
  --url https://api.paysway.dev/payments/validations \
  --header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
If the access token is missing, invalid, or expired, the API will return a 401 Unauthorized error. Your application should handle this by requesting a new token.
Request a new token before the current one expires to avoid service interruptions. Consider implementing automatic token refresh in your application.