Revoke individual tokens based on a unique identifier or revoke all tokens linked to a specific merchant.


Token management is mandatory for partner users and optional for merchant users.

  • As a partner, and as outlined in Partner Integration, before you can initiate any API requests on behalf of a merchant, you must first generate an OAuth token representing that specified merchant.
  • As a merchant, following the Merchant Integration, you may also want to authenticate with OAuth tokens rather than using an API Key.

The following sections offer a reference to all the available Token endpoints.

Request an Access Token for an Organisation

Exchange an API Key to retrieve an OAuth access token for the originator/merchant.

Revoke All Tokens for an Organisation

This service allows you to revoke all the tokens generated against a specific merchant (by passing the encodedOrganisationId).

Revoke a Token for an Organisation (with a Token ID)

Use this service if you want to revoke a token for a specific encodedOrganisationId and tokenId

Request an Access Token

Use this service to exchange your API Key for a token.

Revoke All Tokens for the Current Organisation

Use this service if you want to revoke all the tokens for the requesting organisation.

Revoke a Token with a Token Identifier

Use this service to revoke a token by passing its tokenId