API Authentication
Authentication process for Sandbox APIs
Authentication on Sandbox APIs
Once you start your subscription, Sandbox will provide you with a unique API key
and secret
that is accessible from your dashboard. The authentication flow consists of exchanging the key
and secret
for a JWT access_token
. This is done using the Authenticate API.
Users can then pass the access_token
along with their key
in request headers to make the API calls. Note that the access_token
has a validity of 24 hours, post which it will expire.
You can refresh the access_token
by calling the Authorize API. You can keep refreshing every 24 hours for up to 365 days, after which you need to acquire new access_token
by calling the Authenticate API again.
Example
Suppose an access_token
is generated using the Authenticate API (Token A) on 01-01-2023 00:00:00 am
, The validity of Token A is 24 hours (until 02-01-2023 00:00:00 am
), which is refreshable for up to 365 days. (01-01-2024 00:00:00 am
)
When Token A expires, you use the Authorize API to refresh the token. The refreshed token (Token B), is once again valid for 24 hours, and refreshable up to 364 days (01-01-2024 00:00:00 am
), while Token A has now expired.
If Token A is used after calling the Authorize API, the API will respond back with 403: Access revoked
, if Token A is not yet expired.
key_live
is used to make production calls whereaskey_test
is for test-environment.
Access API Key & Secret from Sandbox Dashboard
- Login to Sandbox Dashboard.
- Select the Subscription
- Go to the API Key tab.
- You will be able to see Live and Test Keys associated with your subscription. You will have to reveal the secret key to access it.

Updated 5 months ago