Authenticating to the API

Your API Credentials

Gravity Payments will provide an API Key and Secret pair for you to use in the sandbox environment, and a separate pair for the production environment. If you haven’t yet received these credentials, please reach out to our Developer Support team.

To submit accounts to the API, you will first need to retrieve an authentication token by authenticating with your API Key and Secret. You’ll then use this authentication token with the Authorization header in subsequent requests to claim your access to the API. Tokens last for 24 hours, after which time you’ll need to retrieve another.

To retrieve a token, you will POST a JSON object to the /auth endpoint as follows:



Request Headers

Content-Type: application/json

Request Body

  "apiKey":"{your API Key goes here}",
  "secret":"{your API Secret goes here}"

This request will prompt the server to authenticate your access and respond with an authentication token. The response body after a successful request will contain a JSON object that looks like the following:

Response Body

	"AccessToken": "{token string}"

Code Example

const url = '';
const requestBody = {
  apiKey: 'my-api-key',
  secret: 'my-api-secret'
const options = {
  method: 'POST',
  headers: {
    "Content-Type": "application/json",
  body: JSON.stringify(requestBody)

fetch(url, options)
  .then(res => res.json())
  .then(json => console.log(JSON.stringify(json)))
  .catch(err => console.error('Error: ' + JSON.stringify(err)));
curl --request POST \
	--url \
	--header 'Content-Type: application/json' \
	--data '{"apiKey": "my-api-key", "secret": "my-api-secret"}'