GrailPay API uses Bearer Authentication to enforce authentication for all its incoming requests. Bearer Authentication (Token Authentication) is an HTTP authentication mechanism that involves security tokens generated by GrailPay servers. If you have lost an API Token, please contact GrailPay support immediately. All API requests must be made over HTTPS. Calls made over HTTP will fail.

API Token Types

Interacting with the GrailPay API typically requires three different token types, listed below.

Processor Token

A Processor Token allows a program to:

Interact with processor level APIs
Query vendor level resources.

Vendor Token

A Vendor Token is issued for each vendor created under a processor. It allows a program to:

Register, deregister and query webhooks.
Add, remove and query bank accounts
Onboard businesses and people.
Process and query transactions.

Bank-Link Token

A Bank-Link Token is issued for each vendor by request. It allows a program to:

Initialize and display the GrailPay Bank-Link Widget
Connect users with bank accounts via a web browser.

Home

​API Token Types

​Processor Token

​Vendor Token

​Bank-Link Token

API Token Types

Processor Token

Vendor Token

Bank-Link Token