Skip to main content

Authentication

Tokens - Merchant and Link Communication

All API requests apart from v2/sessions require an authentication token. Follow along this section to learn how to retrieve and use the authorization token to interact with our API suite

Your servers communicate with us via machine-to-machine (M2M) authorization token. This is a cryptographically signed JSON web token (JWT) that gives authenticated machines secure access to specific resources on our side. The token contains information like the Merchant's identity, the token's expiration date, and the service that can be accessed.

Authentication tokens are acquired by calling our auth token service and proving your client_id, client_password, and scope you wish this token to have access for.

The token is granted to your server and should not be shared.

At present, their are two scopes, or permissions available:

Scope types

  • Link-Payment

    string

    Used for Payments, Refunds, Credits, and Cancelations

  • Link-Core

    string

    For all other requests

Like any credential, auth tokens should be considered sensitive and as such, secured.

Endpoints

POST - /v1/tokens

Retrieving Your Auth Token

Client ID and Secret

Your Client ID and Secret can be retrieved from Link Money's merchant portal. Use the following links for sandbox and production. Navigate to the Accounts page and look for the tile pictured below.