How it works

Machine-to-Machine (M2M) authentication allows backend services and partner platforms to connect to our API without user interaction.
This flow uses a Broker Token (also referred to as an API Key) to request a short-lived access token.
⚠️ We provide custom authentication flows for partners.
This documentation describes the abstract flow; your exact implementation may vary depending on your integration and assigned scopes.

Authentication Flow

  1. Obtain a Broker Token
    • You’ll receive a Broker Token during the partner onboarding process.
    • The Broker Token is rotated periodically for security. You will be notified when a new one is issued.
    • Treat this token as a credential: it should only be stored in secure server-side environments.
  2. Request an Access Token
    • Call the /tokens endpoint with your Broker Token.
    • The response includes a short-lived access_token, which you will use in subsequent API calls.
  3. Call the API
    • Use the access_token in the Authorization header with the Bearer scheme for all API requests.
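
The three steps above as a server-side client sketch. This is an added example, not code from this API's provider. Assumptions not stated on this page: the placeholder host `api.example.invalid`, sending the Broker Token to /tokens as a Bearer credential in a POST, an `expires_in` field in the response, and the names `post_tokens`, `AccessTokenCache` and `BROKER_TOKEN`.

```python
import json
import os
import time
import urllib.request

API_BASE = "https://api.example.invalid"  # placeholder host, not the real API


def post_tokens(broker_token):
    """Assumed request shape: POST /tokens with the Broker Token as a Bearer credential."""
    req = urllib.request.Request(
        API_BASE + "/tokens", data=b"", method="POST",
        headers={"Authorization": "Bearer " + broker_token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class AccessTokenCache:
    """Keeps the short-lived access_token in memory and renews it before expiry."""

    def __init__(self, broker_token, fetch=post_tokens, clock=time.monotonic, skew=30):
        if not broker_token:
            raise ValueError("Broker Token missing; load it from server-side secret storage")
        self._broker_token = broker_token
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        # Renew when nothing is cached or the token is within `skew` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch(self._broker_token)
            self._token = body["access_token"]
            # "expires_in" is an assumed field; fall back to a short lifetime without it.
            self._expires_at = self._clock() + float(body.get("expires_in", 60))
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Drop the cached token, for example after the API answers 401."""
        self._token = None

    def __repr__(self):
        return "AccessTokenCache(<redacted>)"  # keep both credentials out of logs

if __name__ == "__main__":
    # Constructed offline demo: a fake /tokens responder stands in for the network.
    fake = lambda bt: {"access_token": "demo-access", "expires_in": 300}
    print(AccessTokenCache(os.environ.get("BROKER_TOKEN", "demo"), fetch=fake).auth_header())
```

Because the Broker Token is rotated, read it from the secret store when the process starts or the secret changes rather than hard-coding it, and pass `auth_header()` to every API request.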