Merchant Authentication

The Merchant Authentication service is the mandatory first step for interacting with the Getnet C2C API. You must obtain a valid Bearer Token through this endpoint to authorize all subsequent transactional and management calls.

Service Definition

Configure your Cashier Software to perform a POST request to the authentication service using the environment-specific domain provided by Getnet.

Endpoint URL: http://dominio-posintegrado/api/postxs/auth
Method: POST
Content-Type: application/x-www-form-urlencoded

Required Headers

Include the following mandatory headers in every authentication request:

Header	Value	Description
`env`	`uat`	Environment identifier (use `uat` for testing).
`country`	`ar`	Country code identifier.
`app`	`posintegrado`	Application identifier.

Request Body Parameters

Pass your merchant credentials in the request body as URL-encoded parameters.

Parameter	Type	Description
`clientId`	String	Unique client ID assigned to your commerce.
`clientSecret`	String	Authorization secret key assigned to your commerce.

Tip: For initial testing in the UAT environment, you should use the static Sandbox credentials detailed in the UAT Credentials & Test Data.

Response Processing

The API returns a success or error payload. Use the code field to drive your application logic.

Successful Login (`code: 1`)

A successful request returns HTTP 200 and the following JSON structure:

json

{
    "code": 1,
    "status": "OK",
    "message": "LOGIN SUCCESSFUL",
    "data": {
        "token": "eyJhbGciOiJIUzI1NiIsInR5...",
        "expires_in": 86400
    }
}

json

{
    "code": 1,
    "status": "OK",
    "message": "LOGIN SUCCESSFUL",
    "data": {
        "token": "eyJhbGciOiJIUzI1NiIsInR5...",
        "expires_in": 86400
    }
}

Failed Authentication (`code: 0`)

If credentials are invalid or a server error occurs, the API returns:

json

{
    "code": 0,
    "status": "ERROR",
    "message": "erro detail",
    "data": null
}

json

{
    "code": 0,
    "status": "ERROR",
    "message": "erro detail",
    "data": null
}

Important: Technical Error: Any response status different from HTTP 200 must be treated as a server or network error.

Token Lifecycle Management

Include the generated token in the Authorization header of every subsequent API call using the Bearer scheme.

http

Authorization: Bearer <token>

http

Authorization: Bearer <token>

Environment Expiration Rules

Strictly adhere to the following expiration windows to prevent transaction failures:

Environment	Expiration (`expires_in`)	Implementation Strategy
UAT (Testing)	86,400 seconds (24h)	Reuse the same token for the duration of your daily testing sessions.
Production	100 seconds	Implement "Just-in-Time" auth; request a new token for every transaction.

Next Steps

Now that you have authenticated your merchant session, you can proceed to terminal identification and transactional services:

On this page

Merchant Authentication

C2C Integration Overview

C2C Security and Authorization

C2C Terminal Management

C2C Transactional Services

Transaction Tracking and Webhooks

C2C Post-processing and Reporting

C2C Reference and Error Handling

Merchant Authentication

Service Definition

Required Headers

Request Body Parameters

Response Processing

Successful Login (code: 1)

Failed Authentication (code: 0)

Token Lifecycle Management

Environment Expiration Rules

Next Steps

Successful Login (`code: 1`)

Failed Authentication (`code: 0`)