To access the SynchPay API, you need to obtain an access token by authorizing with your ClientId and ClientSecret, which are provided by SynchPay support.
Note: Keep your ClientId and ClientSecret secure and do not expose them in client-side code or public repositories.
Obtaining an Access Token
Token Endpoint
Request Body
The request body should be in JSON format and contain the following fields:
-
ClientId: Your client ID provided by SynchPay support.
-
ClientSecret: Your client secret provided by SynchPay support. You can request a new client secret via this form.
Example:
{
"ClientId": "your_client_id",
"ClientSecret": "your_client_secret"
}
Response
Upon successful authorization, the endpoint returns a JSON object with the following fields:
-
AccessToken: The access token to be used in API requests.
-
TokenType: The type of the token, which is “Bearer”.
-
ExpiresInSeconds: The number of seconds until the token expires (3600 seconds, which is one hour).
Example:
{
"AccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"TokenType": "Bearer",
"ExpiresInSeconds": 3600
}
Using the Access Token
To make authorized requests to the API, include the access token in the Authorization header of your HTTP requests:
Authorization: Bearer \<AccessToken>
Replace <AccessToken> with the actual access token received from the token endpoint.
Example:
GET /some/protected/endpoint HTTP/1.1
Host: api.synchpay.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Token Expiry
The access token is valid for one hour (3600 seconds). After it expires, you need to obtain a new token by calling the token endpoint again with your credentials.
Last modified on January 7, 2026
