Developer Documentation
Developer Documentation
Home
Zip

Client Credentials

This flow is used for server-to-server communication, and is relevant in our merchant API and our instore API.

To obtain a token, make a request to the token endpoint, with a number of properties you’ll be given when starting your integration with Zip UK.

Example

To obtain an access token:

POST https://merchant-auth-uk.zip.co/oauth/token
Content-Type: application/json

{
  "client_id":"[client id]",
  "client_secret":"[client secret]", 
  "audience":"auth.partpay.co.uk",
  "grant_type":"client_credentials"
}

Will return a response ie:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciO.....",
    "expires_in": 86400,
    "scope": "merchant",
    "token_type": "Bearer"
}

Scopes

Scopes are not requested as part of this flow, instead they will be added to the returned access_token, where the client access allows.

Token Expiry

Access tokens are able to be used for 24 hours until a new one will need to be obtained.

Authentication Endpoints

NB that the previously defined endpoints will continue to function as they previously have, and your previously issued Client Id & Secret will be able to be used with both end points. There are no plans to retire the existing authentication endpoints.

Old endpoints

Environment Token Endpoint API Identifier (audience)
Production https://merchant-auth.partpay.co.nz/oauth/token https://auth.partpay.co.nz
Test https://partpay-dev.au.auth0.com/oauth/token https://auth-dev.partpay.co.nz