What does the authentication process look like?

Consejo

Last updated on 2025-08-28.

Authentication is initially done via API Key and API Secret created in the managed organization.

You will receive an access_token which is valid for 24 hours and a refresh_token which is valid for 48 hours. You can use this to re-authenticate on an ongoing basis.

If you run into a 401 response, simply re-authenticate via API Key and Secret.

Re-authentication should not happen on every request as this would unnecessarily delay the checkout process.

For requests on the authentication endpoints we recommend a timeout of 3-4 seconds.