Authentication process for Sandbox APIs
Authentication on Sandbox APIs
Once you start your subscription, Sandbox will provide you with a unique API
secret that is accessible from your dashboard. The authentication flow consists of exchanging the
secret for a JWT
access_token. This is done using the Authenticate API.
Users can then pass the
access_token along with their
key in request headers to make the API calls. Note that the
access_token has a validity of 24 hours, post which it will expire.
You can refresh the
access_token by calling the Authorize API. You can keep refreshing every 24 hours for up to 365 days, after which you need to acquire new
access_token by calling the Authenticate API again.
access_token is generated using the Authenticate API (Token A) on
01-01-2023 00:00:00 am, The validity of Token A is 24 hours (until
02-01-2023 00:00:00 am), which is refreshable for up to 365 days. (
01-01-2024 00:00:00 am)
When Token A expires, you use the Authorize API to refresh the token. The refreshed token (Token B), is once again valid for 24 hours, and refreshable up to 364 days (
01-01-2024 00:00:00 am), while Token A has now expired.
If Token A is used after calling the Authorize API, the API will respond back with
403: Access revoked, if Token A is not yet expired.
key_liveis used to make production calls whereas
key_testis for test-environment.
Access API Key & Secret from Sandbox Dashboard
- Login to Sandbox Dashboard.
- Select the Subscription
- Go to the API Key tab.
- You will be able to see Live and Test Keys associated with your subscription. You will have to reveal the secret key to access it.
Updated 3 months ago