How to use API keys to authenticate your requests
API Authentication
We use JWT tokens to authenticate your requests to our API.
⚠️ Your JWT token allows you to create payment objects and more on your behalf, so make sure to keep it secure.
The JWT token time out after a set period of time (11 minuttes). You can either get a new JWT token by calling the refresh endpoint or by logging in again. The JWT refresh tokens are valid for 144 minuttes.
Authentication is performed by passing your JWT token in an HTTP header called JwtAuthorization
HTTPS is required for all API requests, including authentication. Plain HTTP requests to any endpoint will fail.
Example for fetching your JWT token from the authenticate endpoint:
curl https://api-sandbox.ztlment.com/v1/user-logins/authenticate-jwt \
-X POST \
-H 'Content-Type: application/json' \
-d '{
"email": "your-api-user-email-here",
"password": "your-api-user-password-here"
}'
Example response:
{
"status_message": "Authentication Successful",
"token": "eyJ0e.......IDlYT5GvAlUsIY30A",
"refresh_token": "eyJ0eXAiO......S-ISq_r7at-T1mA"
}
Example on how to use the JWT token to authenticate against an endpoint:
curl https://api-sandbox.ztlment.com/v1/payment-objects \
-X POST \
-H JwtAuthorization: your-jwt-token-here \
-H 'Content-Type: application/json' \
-d '{
"amount": 1000,
"currency": "EUR",
"payer": {
"id": "ACC_754215455221"
},
"payee": {
"id": "EXT_671957956248"
},
"iban_memo":"Powered By ZTLment"
}'
Example on how to refresh your JWT token using the refresh token. The response is the same as for the initial token request:
curl https://api-sandbox.ztlment.com/v1/user-logins/jwt-refresh \
-X POST \
-H JwtAuthorization: your-jwt-refresh-token-here