Authentication & Authorization

PartPay uses OAuth 2.0 as a standardised means of securing API endpoints.


There are 2 supported endpoints, which are reflective of either a sandbox or production environment.

Environment Token Endpoint API Identifier (audience)

Client Credentials

This flow is used for server-to-server communication, and is relevant in our merchant API and our instore API.

To obtain a token, make a request to the token endpoint, with a number of properties you’ll be given when starting your integeration with PartPay.


To obtain an access token:

Content-Type: application/json

  "client_id":"[client id]",
  "client_secret":"[client secret]", 

Will return a response ie:

    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciO.....",
    "expires_in": 86400,
    "scope": "merchant",
    "token_type": "Bearer"


Scopes are not requested as part of this flow, instead they will be added to the returned access_token, where the client access allows.

Token Expiry

Access tokens are able to be used for 10 hours.