Authentication is the initial step to accessing the Sandbox API. It involves using the API Key and Secret to generate an access token. This token serves as a secure authorization method, enabling the API client to make authenticated API requests on behalf of the user or application.


Your unique API Key and API Secret are accessible via the dashboard, with separate sets for live and test environments, identified by the prefixes "live" and "test".

Token Generation

The access token can be generated by calling the Authenticate API where you need to pass the API Key and API Secret in the headers.

Token Validity

JWT access token has a validity of 24 hours that needs to be refreshed before expiry. You can refresh the token using the Authorize API every 24 hours for up to 365 days.

API Key and Secret are important credentials and can lead to business loss if exposed. With Authorize API, you can mitigate security risks since there is no need to pass the API Secret to acquire the new token.

Validity and Expiry Example

Suppose an access token is generated using the Authenticate API (Token A) on 01-01-2023 00:00:00 am, then the validity of Token A is 24 hours (until 01-01-2023 23:59:59 am), which is refreshable up to 365 days (31-12-2023 23:59:59 am).

Then you use the Authorize API to refresh the token at 01-01-2023 23:59:59 am. The refreshed token (Token B), is once again valid for 24 hours, and refreshable up to 364 days (31-12-2023 23:59:59 am), while Token A has now expired.

If Token A is used after refreshing the token, Sandbox API will respond with a 403 status code.


APIVersionResponse CachingRemarks
Authenticate1.0NoInitial release with core functionality
Authorize1.0NoInitial release with core functionality