Safira Paydocs

Generate JWT access token

POST /api/auth/token

Authenticate using an X.509 client certificate + OAuth 2.0 credentials (clientId/clientSecret) and receive a JWT token valid for 30 minutes (1800 seconds).

Headers

| Header | Type | Required | Description |
|---|---|---|---|
| X-SSL-Client-Cert | string | Yes | URL-encoded PEM client certificate (standard NGINX header) |

Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| clientId | string | Yes | OAuth 2.0 client ID obtained from credential creation |
| clientSecret | string | Yes | OAuth 2.0 client secret (8-64 characters) |

{
  "clientId": "account-93-550e8400",
  "clientSecret": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
}

Response (201)

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 1800
}

Errors

| Status | Description |
|---|---|
| 400 | Invalid request or missing certificate in the X-SSL-Client-Cert header |
| 401 | Invalid credentials or invalid certificate |

The X.509 certificate must be sent URL-encoded in the X-SSL-Client-Cert header. The certificate must be previously linked to your account.
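The following Python is an added example, not part of the Safira Pay documentation. It shows how a client can URL-encode the PEM certificate for the X-SSL-Client-Cert header, build the token request, and compute when a cached token should be refreshed. The host in `BASE_URL`, the `Content-Type` header, the 60-second refresh margin, the function names and the sample certificate text are assumptions made for illustration.

```python
import json
import urllib.parse

# Assumption: placeholder host; the page documents only the path.
BASE_URL = "https://api.example.invalid"

# Constructed sample text, not a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBszCCAVmgAwIBAgIUEXAMPLEONLY+/=\n"
    "-----END CERTIFICATE-----\n"
)


def encode_cert_header(pem: str) -> str:
    """URL-encode a PEM certificate for the X-SSL-Client-Cert header."""
    if "-----BEGIN CERTIFICATE-----" not in pem or "PRIVATE KEY" in pem:
        raise ValueError("expected a PEM certificate without key material")
    # safe="" also escapes '/', '+' and '='; newlines become %0A, so the
    # header value stays on a single line.
    return urllib.parse.quote(pem, safe="")


def build_token_request(pem: str, client_id: str, client_secret: str):
    """Return (url, headers, body) for POST /api/auth/token without sending it."""
    if not 8 <= len(client_secret) <= 64:
        raise ValueError("clientSecret must be 8-64 characters")
    body = json.dumps({"clientId": client_id, "clientSecret": client_secret})
    headers = {
        "Content-Type": "application/json",  # assumption: JSON request body
        "X-SSL-Client-Cert": encode_cert_header(pem),
    }
    return BASE_URL + "/api/auth/token", headers, body.encode("utf-8")


def refresh_deadline(response: dict, issued_at: float, margin: int = 60) -> float:
    """Timestamp after which a cached token should be replaced."""
    if response.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    # expires_in is 1800 seconds per the page; refresh slightly early.
    return issued_at + int(response["expires_in"]) - margin
```

The returned tuple can be passed to any HTTP client; keep the request body and the returned `access_token` out of application logs.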
