Generate Token

To ensure secure access to backend operations, merchants are required to authenticate with our system using OAuth 2.0 protocol. This authentication process involves a server-to-server API call to our merchant.authorize endpoint. Merchants provide their credentials in the form of a public_key and a secret, which are issued by Brite. In return, the authorization server responds with an access_token and a refresh_token.
					// example request
"public_key": "string", 
"secret": "string"
					// example response
"access_token": "string",
"expires": 1652708597,
"refresh_token": "string" 
TokenExpiration time

The access_token serves as a temporary credential for accessing protected resources. In subsequent API calls, merchants must include the access_token in the request header using the Bearer token authentication scheme. Additionally, the content-type must be specified as application/json.

					// example request
curl -X POST \
  -H "Authorization: Bearer ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"key1":"value1","key2":"value2"}' \


Renew Token

The refresh_token enable merchants to acquire a new access_token prior to the expiration of the original one. This process is initiated by sending the current access_token along with the refresh_token in a merchant.token API call.
					// example request
    "access_token": "string",  // required
    "refresh_token": "string"  // required

To ensure uninterrupted access to our services, It’s important to understand that renewing a token automatically invalidates the original access_token.  Therefore, if there’s any propagation time expected on your application for the new token to take effect, merchants should consider generating a new token via the merchant.authorize endpoint instead.

Table of contents