Most API calls require authentication. The secuconnect API uses the OAuth 2.0 protocol for this purpose. The OAuth service checks your credentials, and hands an access token over to you. It grants you access to the API for a limited period of time. The client must pass this token with all subsequent API calls.
The endpoint for OAuth authorization is POST /
POST /oauth/token HTTP/1.1
HTTP/1.1 200 OK
You need to pass the received token (line 6) in an Authorization: Bearer header in your subsequent calls. The returned OAuth token (line 6) is valid for as many seconds as signalized in the expires_in field (line 8).
GET /api/v2/General/Merchants/me HTTP/1.1
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Usually, one doesn't need to use HTTP directly. The corresponding example using the secuconnect PHP SDK:
// Optionally you can configure a PSR-6 compliant cache
// Create an authenticator object with OAuth authentication and obtains token
// Saves the token to the default client configuration
We provide SDKs for PHP, Java, NodeJS, and .NET free of charge.