Authentication

The Ledyer API uses the OAuth 2.0 client credentials protocol for authentication and authorization.

To begin, obtain your client credentials from Ledyer support.

Caution

Your client credentials carry many privileges, so be sure to keep them secure! Do not share your credentials in publicly accessible areas such as GitHub, client-side code, and so forth.

Important

All API requests must be made over HTTPS otherwise they will fail.

Obtain an access token

Provide a base64 encoded clientId:clientSecret pair in the authorization header of type Basic together with a form parameter grant_type=client_credentials and POST it to the token URL.

If the request is successful you’ll receive an HTTP 200 response with a payload containing access_token, expires_in, scope and token_type values.

The access tokens have a limited lifetime of one hour, so you have to obtain a new token when it is about to expire or has expired.

Call the API

To call the Ledyer API, your application must pass the obtained access token as a Bearer Token in the Authorization header of the API HTTPS request.

curl -X POST 
	-H 'authorization: Bearer v4.public.eyJpc3MiOiJs...' 
	-H 'content-type: application/json' 
	-d '{ ... }' 
	https://api.sandbox.ledyer.com/v1/orders

See full examples on the Create order session page