Skip to main content
POST
/
api
/
v1
/
oauth2
/
token
curl -X POST 'https://core.quidkey.com/api/v1/oauth2/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "cbad8f7d-41f5-463d-967c-ca825eb65953",
    "client_secret": "98c787a7b57a881e469e64579be9823a302185213de0d3835a766f1e3907982f"
  }'

{
  "success": true,
  "data": {
    "access_token": "example_access_token_xyz789",
    "refresh_token": "example_refresh_token_abc123",
    "token_type": "Bearer",
    "expires_in": 3600
  }
}
Exchange your client_id and client_secret for an access token. The token is valid for 15 minutes and must be included in the Authorization: Bearer <token> header of all subsequent API requests. 
curl -X POST 'https://core.quidkey.com/api/v1/oauth2/token' \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "cbad8f7d-41f5-463d-967c-ca825eb65953",
    "client_secret": "98c787a7b57a881e469e64579be9823a302185213de0d3835a766f1e3907982f"
  }'
Token Lifecycle:
  • Validity: 15 minutes (900 seconds)
  • Refresh: Use the refresh_token to get a new access_token without re-authenticating
  • Best practice: Cache tokens and refresh before expiry
Don’t have credentials yet? Sign up at console.quidkey.com to get your client_id and client_secret for development and production environments.

Body

application/json

Request body

client_id
string<uuid>
required

The client ID of the partner or merchant

Example:

"547544c3-eeac-492e-8df9-5a52ca4e6bdf"

client_secret
string
required

The client secret of the partner or merchant

Example:

"b717adcac3f26e8034574021fa647cd7d4edd67b615046df387f6712c3601048"

Response

Success

success
boolean
required

Indicates if the request was successful

Example:

true

data
object
required