
Authentication

PayData uses JWT tokens for authentication and authorization. There are partner tokens (for the main partner and child-partners) and user tokens. A partner token is used to manage the partner itself, its child-partners and its users.

note

Depending on the permissions, a partner token can also be used to directly access or even manage accounts without creating a user or requesting a user token. There are some limitations. For example, it is not possible to list all accounts for all users using a partner token. You can check the allowed security schemes of the API operations to see if a partner token is allowed.

A user token is issued when a user is newly created; for existing users, one can be created with a partner token. A user token only allows access to a single user and is used for account management and to read transactions and reports.

info

Your initial partner token is issued by us. It has a limited lifetime and contains just the partner:update scope. Use your initial token to create a new token with a longer lifetime and more scopes. See Token Management.

HTTP Requests

All HTTP requests must contain either the partner or user token in the Authorization header.

Authorization: Bearer <Your Token>

HTTP Responses

If a token is expired or invalid, the API will respond with 401 Unauthorized. If the token is missing the needed scopes, a 403 Forbidden is returned.
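The following client-side check is an added example, not PayData code: it builds the Authorization header and reads a token's claims to predict whether a call would get 401 or 403 before it is sent. It assumes scopes are carried as a space-delimited string in a `scope` claim (the page does not state the claim name); `account:read` is a hypothetical scope name and the sample token is constructed.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token):
    """Read a compact JWT's payload WITHOUT verifying the signature.
    For client-side diagnostics only; the API decides validity."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def expected_status(token, needed_scopes, now=None):
    """Predict the response: 401 expired/invalid, 403 missing scopes, else 200."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except ValueError:  # bad base64, bad JSON or wrong shape
        return 401
    exp = claims.get("exp")  # registered JWT claim, seconds since epoch
    if isinstance(exp, (int, float)) and now >= exp:
        return 401
    # Assumption: scopes are a space-delimited string in a "scope" claim.
    granted = set(str(claims.get("scope", "")).split())
    return 403 if set(needed_scopes) - granted else 200

def auth_header(token):
    # Refuse whitespace/CR/LF so a malformed token cannot split the header.
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    return {"Authorization": f"Bearer {token}"}

def make_sample_token(claims):
    # Constructed, unsigned sample token for the demo; not a real PayData token.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    initial = make_sample_token({"exp": 2000, "scope": "partner:update"})
    print(auth_header(initial))
    print(expected_status(initial, {"partner:update"}, now=1000))  # within lifetime
    print(expected_status(initial, {"partner:update"}, now=3000))  # past exp
    # "account:read" is a hypothetical scope name used for illustration.
    print(expected_status(initial, {"account:read"}, now=1000))    # scope not granted
```

Reading claims this way does not validate the token; treat the result as a hint for logging and token renewal, and keep handling the real 401 and 403 responses.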