Authentication

How to authenticate

This API uses Bearer Auth with JSON Web Tokens (JWT).

All requests must include this HTTP header:


Authorization: Bearer <your-token>

To authenticate with our API, send a POST request to the authentication endpoint using your client credentials:

If the credentials are valid, you’ll receive a JSON Web Token (JWT) in the response:

{
  "status": "success",
  "token": "YOUR_JWT_TOKEN",
  "expires_in": 3600
}

Use this token to authorize all subsequent requests by including it in the Authorization header:

Note: Replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET, and YOUR_JWT_TOKEN with your actual credentials.

Is active and not expired

Has not exceeded usage quotas

Belongs to a account with direct-debit enabled

A missing or invalid token will return:

401 Unauthorized – Authentication credentials are missing or incorrect

See the Error Handling page for full details on error codes.