Access tokens

What is an Access Token?

With the help of Access Tokens, you can grant users particular permissions based on your needs. An Access Token can be used as a header for making API requests instead of public and secret API keys. It allows third parties to perform actions using Paydock API endpoints while also limiting access to certain API features. You can disable the token at any time from within the dashboard and you can set a time limit for an Access Token.

This feature could be useful to provide limited access to your account for reporting or for job-specific responsibilities, without providing full API access.

For example, if you would like to allow a staff member or third party to create a charge but not to have access to view charge data, you can generate an access token with the permission Create Charges. The person with this access token can then create a new charge using x-access-token instead of x-user-secret-key, like so:

curl --location --request POST '' \
--header 'x-access-token: {{accesstoken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "amount": "10.00",
    "currency": "AUD",
    "customer": {
        "payment_source": {
            "gateway_id": "5cbede1f151b842653e987be",
            "card_name": "First_Name Last_Name",
            "card_number": "4242424242424242",
            "expire_month": "09",
            "expire_year": "21",
            "card_ccv": "123"

If you want to restrict the user from making charges, you can disable the access token at any time.

Creating and Deactivating Access Tokens

To generate an access token, go to the Profile menu in your Paydock dashboard > click Access Tokens > press Create New:

Put a checkmark next to the required permission(s), give the Access Token a Label and set the expiry date and time in Expire In. If you do not provide any value in the Expire In field, the token will remain active forever. 

Additionally, you can allow using access tokens only with specified domain names (for UI only) and from specified IP addresses (for both API and UI). You can add these parameters to the Whitelist Domains and Whitelist IPs fields respectively.

Once done, scroll down to the bottom of the pop-up window and click Create. Copy the token to a safe place because it will not be available in the dashboard afterwards.

That's it! Now you can share this access token with any third party who will be able to perform only those actions for which you selected the permissions. 

To disable the access token, go to Actions and choose Deactivate.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us