Retrieving and Using a JWT Token
To make authorized requests to the Payment Gateway API, a valid JSON Web Token (JWT) is required. This token must be included in the Authorization
header of each request, using the Bearer
prefix.
You can obtain a JWT by sending a POST
request to the /auth/token
endpoint. The response will contain the token in the access_token
field of the response body:
{
"access_token": "your_generated_jwt_token"
}
note
Check the API specification for that here:
How to
Information | Description | Data |
---|---|---|
Host | Provided by boltPay | |
Method | POST | |
Endpoint | /auth/token | |
Body | x-www-form-urlencoded |
|
Request example using curl
:
curl --location --request POST '{pgw-url}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencoded 'client_id=client3x3mPl3' \
--data-urlencoded 'client_secret=s3cr3Tp%40ass' \
--data-urlencoded 'grant_type=client_credentials' \
--data-urlencoded 'scope=openid accountId username roles permissions status entityUser'
Response example:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.EVURSJdLCJzdGF0dXMiOiJhY3RpdmUiLCJqdGkiOiJXS21MX3N1bjFqakx5cVc2X2RaUV8iLCJpYXQiOjE2OTQ1MTE2NzYsImV4cCI6MTY5NDUxMjI3Niwic2NvcGUiOiJvcGVuaWQgYWNjb3VudElkIHVzZXJuYW1lIHJvbGVzIHBlcm1pc3Npb25zIHN0YXR1cyBlbnRpdHlVc2VyIiwiaXNzIjoiaHR0cDovLzAuMC4wLjA6OTA5MCIsImF1ZCI6IjVjN2ZiZDYyZjg5MDVhMDAxODk3OTk4ZCJ9.VucwAUv8gruDVfP4DGtbcySU4y8CZ31THv9mFZXDcPc09ct8Aq3qSCiyoCoGNSHeYH27LAnxTzvs38G6RMY4jkO32EjMRYcALlcbX9lAJ89KcFplNj6Q0f-6Xo-rfS6uvVHawyKOCypc1EErWQd9cKqiL35sV-VoCkh0KQgKX9hVlIKh2DpHFivKp4nw7vRZiCsMy1fmmtQTPvXg104SBv7BiU4HAhDkVUgfuyPFBgqvkFbfutz_iqmrWBfhR0PZZVuC-1g",
"expires_in": 600,
"token_type": "Bearer",
"scope": "openid accountId username roles permissions status entityUser"
}
Each token has an expiration time of 10 minutes, and they are irrecuperable, which means that by the end of this period you’ll need to reaccess the POST - /auth/token
endpoint to retrieve a new token.