Skip to main content
Our API uses M2M clients to authenticate your application. Each M2M client has a client_id and client_secret, and uses the OAuth2 client credentials flow to obtain a short-lived access token.

Get your credentials

Create and manage M2M clients in the Dashboard.
No dashboard access yet? Contact us directly or get started here.

Obtain an access token

POST /oauth2/token
Content-Type
string
required
Must be application/x-www-form-urlencoded.
grant_type
string
required
Must be client_credentials.
client_id
string
required
Your M2M client ID.
client_secret
string
required
Your M2M client secret.
curl --request POST \
  --url 'https://api.paysway.dev/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET

Use the token

Include the token in the Authorization header of every API request:
Authorization
string
required
Bearer YOUR_ACCESS_TOKEN
curl --request POST \
  --url https://api.paysway.dev/payments/validations \
  --header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
Tokens expire after 3600 seconds. If you receive a 401 Unauthorized, request a new token. Consider refreshing proactively before expiry to avoid interruptions.