Documentation

Authentication

Suggest Edits

GrailPay API uses Bearer Authentication to enforce authentication for all its incoming requests. Bearer Authentication (Token Authentication) is an HTTP authentication mechanism that involves security tokens generated by GrailPay servers.

If you have lost an API Token, please contact GrailPay support immediately.

All API requests must be made over HTTPS. Calls made over HTTP will fail.

API Token Types

Interacting with the GrailPay API typically requires three different token types, listed below.

Processor Token

A Processor Token allows a program to:

  • Interact with processor level APIs
  • Query vendor level resources.

Vendor Token

A Vendor Token is issued for each vendor created under a processor. It allows a program to:

  • Register, deregister and query webhooks.
  • Add, remove and query bank accounts
  • Onboard businesses and people.
  • Process and query transactions.

Bank-Link Token

A Bank-Link Token is issued for each vendor by request. It allows a program to:

  • Initialize and display the GrailPay Bank-Link Widget
  • Connect users with bank accounts via a web browser.

Updated 30 days ago