Version: v2alpha1

Authentication

To communicate with the getpaid API, you should obtain an OAuth 2.0 access token using the client ID and client secret provided during the client credentials creation for the API. See the authentication endpoints in the API reference for more details.

  1. Make a POST request to https://auth.getpaid.io/oauth/token providing the appropriate credentials, audience and authorization scopes:

     curl --location --request POST 'https://auth.getpaid.io/oauth/token' \
     --header 'Content-Type: application/json' \
     --data-raw '{
       "client_id": "{{client_id}}",
       "client_secret": "{{client_secret}}",
       "audience": "https://api.getpaid.io",
       "grant_type": "client_credentials",
       "scope": "accounts:read_write invoices:read_write"
     }'

  2. This will return a Bearer access token in JSON Web Token (JWT) format, which you should send in the Authorization header of every subsequent getpaid API request:

     {
       "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
       "token_type": "bearer",
       "expires_in": 3600
     }

  3. The access token is valid for the number of seconds given in the expires_in field. When it expires, request a new one. If you use one of our client libraries*, this is handled automatically for you.

* Available soon
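The three steps above (request a token with the client credentials, send it as a Bearer header, request a new one when `expires_in` runs out) as a small token provider in Python. This is an added example, not code from getpaid or one of its client libraries. It uses only the token URL, audience, request fields and response fields shown on this page; the class and function names are this example's own, the `refresh_margin` (renew a little before expiry so that an in-flight request does not fail with an expired token) is an assumption, and the `transport` and `clock` parameters exist so the logic can be exercised offline with a constructed fake token endpoint.

```python
import json
import os
import time
from typing import Callable, Dict, Optional

from urllib import request

# Endpoint and audience as documented on this page.
TOKEN_URL = "https://auth.getpaid.io/oauth/token"
AUDIENCE = "https://api.getpaid.io"

# A transport takes (url, json_body) and returns the decoded JSON response.
# The real one below performs the HTTPS POST; tests inject a fake instead.
Transport = Callable[[str, Dict[str, str]], Dict[str, object]]


def http_post_json(url: str, body: Dict[str, str]) -> Dict[str, object]:
    """POST a JSON document and decode the JSON reply (stdlib only)."""
    data = json.dumps(body).encode("utf-8")
    req = request.Request(
        url, data=data, headers={"Content-Type": "application/json"}, method="POST"
    )
    with request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class GetpaidTokenProvider:
    """Obtains a client-credentials access token and reuses it until shortly before it expires.

    Hypothetical helper written for this example; the token request body and the
    fields read from the response follow the page's curl example and sample reply.
    """

    def __init__(
        self,
        client_id: str,
        client_secret: str,
        scope: str,
        transport: Transport = http_post_json,
        clock: Callable[[], float] = time.monotonic,
        refresh_margin: int = 60,  # assumption: renew this many seconds before expiry
    ) -> None:
        self._client_id = client_id
        self._client_secret = client_secret
        self._scope = scope  # request only the scopes the integration needs
        self._transport = transport
        self._clock = clock
        self._refresh_margin = refresh_margin
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.token_requests = 0  # how many times the token endpoint was called

    def _fetch(self) -> None:
        body = {
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "audience": AUDIENCE,
            "grant_type": "client_credentials",
            "scope": self._scope,
        }
        resp = self._transport(TOKEN_URL, body)
        # Refuse anything that is not the bearer token shape the page documents.
        if str(resp.get("token_type", "")).lower() != "bearer" or "access_token" not in resp:
            raise RuntimeError("unexpected token response from %s" % TOKEN_URL)
        self._token = str(resp["access_token"])
        # expires_in is a lifetime in seconds, measured from now.
        self._expires_at = self._clock() + int(resp["expires_in"])
        self.token_requests += 1

    def access_token(self) -> str:
        """Return a cached token, fetching a fresh one when missing or about to expire."""
        if self._token is None or self._clock() >= self._expires_at - self._refresh_margin:
            self._fetch()
        assert self._token is not None
        return self._token

    def auth_headers(self) -> Dict[str, str]:
        """Headers to attach to a getpaid API request."""
        return {"Authorization": "Bearer " + self.access_token()}


if __name__ == "__main__":
    # Offline demonstration against a constructed fake token endpoint.
    def fake_endpoint(url: str, body: Dict[str, str]) -> Dict[str, object]:
        return {"access_token": "constructed.jwt.value", "token_type": "bearer", "expires_in": 3600}

    # In real use read the secret from the environment, never from source control.
    provider = GetpaidTokenProvider(
        os.environ.get("GETPAID_CLIENT_ID", "example-client-id"),
        os.environ.get("GETPAID_CLIENT_SECRET", "example-client-secret"),
        "invoices:read_write",
        transport=fake_endpoint,
    )
    print(provider.auth_headers())
```

Keep the client secret out of source control (the demo reads it from the environment) and request only the scopes the integration actually needs, since the token is only as narrow as the `scope` you ask for.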

Authorization scopes

The getpaid API implements a fine-grained authorization mechanism based on scopes, so that you can limit an access token to the resources you need and minimize the consequences of a security breach.

Every endpoint in the API reference has a list of the required scopes to access it. For example, to create an invoice you need the invoices:read_write scope.