Authentication

API keys are unique data strings used to authenticate a user and enable access to privileged operations on UQPAY APIs. All UQPAY APIs use API keys as the mechanism to authenticate client requests. Your API key should be kept confidential and secure at all times.

​

Request an access token

Request an access token by specifying your x-client-id and x-api-key in the HTTP request header. The token returned is required for calling all other API endpoints, which HTTP header must include x-auth-token: Bearer <YOUR_TOKEN_HERE>.

'x-auth-token': 'Bearer <YOUR_TOKEN_HERE>'

The access token is valid for 30 minutes and can be used multiple times for all other API endpoints until it expires. It’s recommended to rely on expires_at for the accurate token expiration time. This API enforces a rate limit of 50 requests per minute.

​

Response

  curl --request POST \
  --url 'https://api.sandbox.uqpay.org/api/v1/auth/signin' \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: 72c0a50d840626050145ccf71d6415d9f08aad117450e23a4f4f' \
  --header 'x-client-id: seaVSAEssSnq45temBX6CnB'

{
  "expires_at": 160014411412,
  "auth_token": "2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA"
}

​

Testing Authentication

To verify that your API key is correctly set up, run the command below, which causes your code to hit a read endpoint (in this case, use the ping endpoint).

# Replace ${YOUR_TOKEN_HERE} with your API key
curl -H 'Accept: application/json' \
  -H "x-auth-token: Bearer ${YOUR_TOKEN_HERE}" \
  -X GET --url https://api.sandbox.uqpay.org/api/v1/ping