The Partner API uses OAuth2 Client Credentials flow for authentication.

Getting Credentials

When you register as a partner, you receive:
| Credential | Description |
| --- | --- |
| client_id | Your unique partner identifier |
| client_secret | Secret key (keep secure!) |
| webhook_secret | Secret for verifying webhooks |

Getting an Access Token

curl -X POST https://api.acountpay.com/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "payments:create payments:read"
}

Using the Token

Include the access token in all API requests:

curl -X POST https://api.acountpay.com/v1/partner/payments \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Merchant-Client-Id: merchant_abc123" \
  -H "Content-Type: application/json" \
  -d '{"amount": 149.99, "referenceNumber": "ORDER-123"}'

Token Caching

Tokens are valid for 1 hour. Cache them to avoid unnecessary requests:

class AcountPayClient {
  constructor(clientId, clientSecret) {
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.accessToken = null;
    this.tokenExpiry = null;
  }

  async getAccessToken() {
    // Reuse the cached token until shortly before it expires
    if (this.accessToken && this.tokenExpiry > Date.now()) {
      return this.accessToken;
    }

    const response = await fetch('https://api.acountpay.com/oauth/token', {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret,
      }),
    });

    // Fail on 400/401/429 instead of caching an undefined token
    if (!response.ok) {
      throw new Error(`Token request failed with status ${response.status}`);
    }

    const data = await response.json();
    this.accessToken = data.access_token;
    // Treat the token as expired 5 minutes early so it is never sent near its deadline
    this.tokenExpiry = Date.now() + (data.expires_in - 300) * 1000;
    return this.accessToken;
  }
}

Error Responses

| Status | Error | Description |
| --- | --- | --- |
| 400 | invalid_grant | Invalid grant type |
| 401 | invalid_client | Invalid credentials |
| 429 | rate_limit_exceeded | Too many requests |
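
The token cache and the error table above can be combined so that concurrent callers share one token request and failures are surfaced with their error code. This is an added example, not AcountPay's own code: the names CachedTokenProvider and TokenError, the injectable fetchFn and now parameters, and a JSON error body carrying an `error` field are assumptions.

```javascript
// Added example (not AcountPay code). fetchFn and now are injectable so the
// class can be exercised offline; an `error` field in the JSON body is assumed.
const TOKEN_URL = 'https://api.acountpay.com/oauth/token';

class TokenError extends Error {
  constructor(status, code) {
    super(`token request failed: ${status} ${code}`); // no secrets in messages
    this.status = status;
    this.code = code;
    this.retryable = status === 429 || status >= 500; // 400/401 need a config fix
  }
}

class CachedTokenProvider {
  constructor(clientId, clientSecret, fetchFn = (...a) => fetch(...a), now = Date.now) {
    Object.assign(this, { clientId, clientSecret, fetchFn, now, token: null, expiry: 0 });
    this.inFlight = null; // shared promise while a refresh is running
  }

  getAccessToken() {
    if (this.token && this.expiry > this.now()) return Promise.resolve(this.token);
    if (!this.inFlight) {
      // Concurrent callers await the same request instead of each sending the secret
      this.inFlight = this.refresh().finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  async refresh() {
    const res = await this.fetchFn(TOKEN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret,
      }),
    });
    const data = await res.json().catch(() => ({}));
    if (!res.ok || typeof data.access_token !== 'string') {
      this.token = null; // never keep serving a token after a failed refresh
      throw new TokenError(res.status, data.error || 'unknown_error');
    }
    this.token = data.access_token;
    this.expiry = this.now() + Math.max(data.expires_in - 300, 0) * 1000;
    return this.token;
  }
}
```

Callers can back off and retry when `err.retryable` is true and should stop and check their credentials otherwise.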