Working with Payblr APIs
Payblr uses OAuth 2.0 Client Credentials to provide secure access to protected API resources. To start consuming Payblr APIs, your team must receive application credentials from Payblr, generate an access token, and include that token in every API request.
To begin integrating with Payblr, you will need:
· client_id
· client_secret
· scope
· Your Token endpoint URL
· Your API base URL
1. Receive Your Application Credentials
Payblr provisions your application and provides the credentials required to authenticate with the platform.
Your Payblr contact will provide you with the following:
· client_id
· client_secret
· scope
ATTENTION: Keep these credentials secure. Do not expose secrets in front-end applications or client-side code.
2. Obtain an Access Token
Once you have your Client ID, Client Secret and Scope, your system can request an access token from the Payblr authorization endpoint and use that token to access APIs.
To obtain an access token, your client application needs to make a request to the authorization server. Once the authorization server verifies the request, it will issue an access token that your client application can use to access the requested resources.
It is important to keep this information secure and to follow best practices for storing and using access tokens to ensure the security of your application and user data.
Authentication method: OAuth 2.0 Client Credentials
Example token request:
POST [PAYBLR_TOKEN_ENDPOINT]
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=[YOUR_CLIENT_ID]&client_secret=[YOUR_CLIENT_SECRET]&scope=[YOUR_CLIENT_SCOPE]
Example successful response:
{
  "access_token": "[ACCESS_TOKEN]",
  "token_type": "Bearer",
  "expires_in": 3600
}
Use the token returned by Payblr in the Authorization header of every API call.
URL
The Authorization endpoint can be used by external client teams to generate access tokens. The token API endpoint for UAT is provide URL here
Please refer to the following POSTMAN Example.

3. Call Payblr APIs
After obtaining an access token, include it in the Authorization header when calling Payblr APIs.
Authorization: Bearer [ACCESS_TOKEN]
Example request pattern:
GET [PAYBLR_API_BASE_URL]/[RESOURCE_PATH]
Authorization: Bearer [ACCESS_TOKEN]
Content-Type: application/json
4. Security and Implementation Best Practices
· Store Client Secrets in a secure server-side secret manager.
· Rotate credentials according to your internal security policies or when requested by Payblr.
· Never expose access tokens or client secrets in frontend code, mobile apps, or logs.
· Handle token expiration and renew access tokens before they expire.
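The practices above, combined in one server-side token holder. This is an added example, not Payblr's own code. The class and function names, the environment variable names, the 60-second renewal margin and the HTTPS check are assumptions; the environment variables are assumed to be populated from your secret manager at deploy time.

```python
import json
import os
import time
import urllib.parse
import urllib.request

RENEW_MARGIN = 60  # assumption: renew 60 s before the stated expiry


def post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the parsed JSON reply."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send client_secret over a non-HTTPS URL")
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode("ascii"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Server-side holder for one client's access token (hypothetical helper)."""

    def __init__(self, token_url, client_id, client_secret, scope,
                 post=post_form, clock=time.monotonic):
        self._url, self._post, self._clock = token_url, post, clock
        self._form = {"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope}
        self._token, self._renew_at = None, 0.0

    def __repr__(self):  # keeps the secret and token out of logs and tracebacks
        return "TokenCache(client_id=%r, secret=<redacted>)" % self._form["client_id"]

    def get(self):
        """Return a cached token, requesting a new one shortly before expiry."""
        now = self._clock()
        if self._token is None or now >= self._renew_at:
            reply = self._post(self._url, self._form)
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")  # body not echoed
            self._token = reply["access_token"]
            lifetime = int(reply.get("expires_in", 0))  # missing value: never reuse
            self._renew_at = now + max(lifetime - RENEW_MARGIN, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}


def cache_from_env():
    """Build the cache from environment variables (names are assumptions)."""
    env = os.environ
    return TokenCache(env["PAYBLR_TOKEN_ENDPOINT"], env["PAYBLR_CLIENT_ID"],
                      env["PAYBLR_CLIENT_SECRET"], env["PAYBLR_SCOPE"])
```

Create one `TokenCache` per process and pass `auth_header()` to each API call, so the token endpoint is contacted only when the cached token is about to expire.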