Sign2pay uses tokens to allow access to the API. Your API Token is available from your Merchant Admin. Store the tokens securely and pass one with every request.
For protected resources, you must pass a valid token in a HTTP Token Authorization header.
Authorization: Token token="0047f40cf37dbb5cc6301d17194ed2e2"
It is important that this access token is kept strictly private. If it ever becomes compromised, you must revoke the old access token and generate a new one as soon as possible.
Sign2pay also employs the Bearer Authorization header when you are making a request using an Access Token that you cannot authenticate.
Authorization: Bearer d81ff0f3f961e7c387bd928942e062b59cb237c9d595ed9afcd9eca320356199
Used when making server to server calls, Payment Requests, for example. This is done using your Client Credentials. The username is your client_id and the password is your client_secret.
Authorization: Basic YzUwOWZkNTkzNzQyYjZiMDhhZGY0ZjBiNDFhNDgwNOM6YTVjMWQyN2U0MGEzMGRkNjA2OTgyNTc4MWEyYWJlNGY=