Authentication
access_token. This token, also known as a Bearer Token, must then be included in the header of all subsequent API requests.
Authentication process
The authentication process is a simple, two-step flow:
- Request an Access Token using your permanent credentials.
- Use the obtained Access Token to make your API calls.
Your Credentials
For each environment (Sandbox and Production), you will be provided with a unique set of credentials. It's important to understand the role of each:
- Client ID & Client Secret: These are your permanent credentials used only to generate an access_token.
- Seller ID: This is your merchant identifier, which must be passed as a header (x-seller-id) in most API calls to identify your account.
Sandbox credentials are used for testing and development and can be accessed from the developer portal. Production credentials are used for live transactions and will be securely provided by the Getnet team after the homologation process is complete.
Step 1: Generate an Access Token
client_id and client_secret.access_token and an example of a response.
The Authorization header is formed by combining your client_id and client_secret with a colon (:), Base64 encoding the result, and prefixing it with Basic.

curl --request POST \
  --url https://api-sbx.globalgetnet.com/authentication/oauth2/access_token \
  --header 'authorization: Basic c2J4XzlmMzQzZWMzLTczNjItNGY2Yi05N2UyLTIzY2FiMjA1M2I3NDo1YTE3MDAyMC05YzMzLTQ1NTUtODM0NC1mZjNiOTY0ZDY0Mzb=' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials

The API returns a response with your access token:
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJraWQiOiI1amhLMy9xK0ZpK0tTRkIrRUwwN3VhMFYwdGM9IiwiYWxnIjoiUlMyNTYifQ...",
  "scope": "digital-platform-sbx:gateway-api",
  "token_type": "Bearer",
  "expires_in": 3599
}

Step 2: Make API Requests
All transactions require a Bearer token generated through OAuth 2.0. You must include this token in the Authorization header of each API request to ensure secure and controlled access.
Bearer.
Authorization header format:

Authorization: Bearer {access_token}

curl https://api-sbx.globalgetnet.com/dpm/payments-gwproxy/v2/payments \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'x-seller-id: YOUR_SELLER_ID' \
  --header 'Authorization: Bearer a1b2c3d4-e5f6-7890-g1h2-i3j4k5l6m7n8'

Token Management
Access Tokens are temporary and will expire after the time specified in the expires_in field (one hour). Your application should be designed to either request a new token upon expiration or proactively request one before it expires to ensure uninterrupted service.
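The following sketch is an added example, not Getnet's own code: it builds the Basic header described in Step 1 and caches the token, renewing it shortly before expires_in runs out. The names TokenCache, basic_header and http_fetch and the 60-second renewal margin are assumptions; the token URL and header names are the ones shown on this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api-sbx.globalgetnet.com/authentication/oauth2/access_token"

def basic_header(client_id, client_secret):
    """'Basic ' + Base64("client_id:client_secret"), as described in Step 1."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def http_fetch(client_id, client_secret):
    """POST grant_type=client_credentials and return the parsed JSON body."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": basic_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token and renews it `margin` seconds before expiry."""

    def __init__(self, client_id, client_secret, fetch=http_fetch,
                 clock=time.monotonic, margin=60):  # margin is an assumed value
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._renew_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._renew_at:
            body = self._fetch(*self._creds)
            if body.get("token_type") != "Bearer" or not body.get("access_token"):
                raise ValueError("unexpected token response")  # do not log the body
            self._token = body["access_token"]
            lifetime = max(int(body["expires_in"]) - self._margin, 0)
            self._renew_at = self._clock() + lifetime
        return self._token

    def headers(self, seller_id):
        """Step 2 headers: only the short-lived token goes to payment endpoints."""
        return {"Authorization": f"Bearer {self.token()}",
                "x-seller-id": seller_id,
                "Content-Type": "application/json"}
```

The fetch and clock parameters exist so the cache can be exercised without network access; in normal use only client_id and client_secret are passed, loaded from a secret store rather than from source code.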
Next Steps
Now that you have completed the authentication process, proceed to the next steps:
- Quick Start Guide - Create your first payment transaction in minutes.
- Supported Payment Methods - See all the payment options available.
- Authentication endpoint - Authorize your request.