Authenticate
Updated Mar 27, 2026
POST /api/v1/auth
Obtain a JWT bearer token by providing your merchant credentials. The returned token must be included in the Authorization header of all subsequent API calls. Tokens are valid for 30 days.
Guide: Authentication Guide — conceptual walkthrough, flow diagrams, and integration patterns.
#Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
No authorization required. This endpoint returns the bearer token used to authorize all other API calls.
#Request Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| merchantKey | String | Yes | Your merchant API key, provided by the Exirom Admin Team. |
| merchantSecret | String | Yes | Your merchant API secret, provided by the Exirom Admin Team. Keep this value secure — never expose it in client-side code. |
#Response
Returns a JWT bearer token as a plain string. Include this token in subsequent requests as Authorization: Bearer {token}.
The token is valid for 30 days. We recommend caching it and re-authenticating only when it expires.
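One way to implement the caching recommendation above, as an added example that is not Exirom's own code. The environment variable names, the 5-minute refresh margin, and the use of an `exp` claim when the token carries one are assumptions; without `exp`, the cache falls back to the 30-day validity stated on this page.

```python
import base64, json, os, time, urllib.request

AUTH_URL = "https://sandbox.api.exirom.com/api/v1/auth"  # sandbox endpoint from this page
TOKEN_TTL = 30 * 24 * 3600  # 30-day validity stated on this page
REFRESH_SKEW = 300          # assumption: renew 5 minutes before expiry

def jwt_exp(token):
    """Return the exp claim if the token carries one, else None.
    The signature is not checked: this is a cache hint, not an authorization decision."""
    try:
        part = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        exp = claims.get("exp")
    except (IndexError, ValueError, AttributeError):
        return None
    return exp if isinstance(exp, (int, float)) else None

def http_post_auth(key, secret):
    """POST the credentials and return the token with any surrounding quotes removed."""
    body = json.dumps({"merchantKey": key, "merchantSecret": secret}).encode()
    req = urllib.request.Request(AUTH_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode().strip().strip('"')

class TokenCache:
    """Holds one token in memory and re-authenticates only when it is about to expire."""
    def __init__(self, fetch=http_post_auth, clock=time.time):
        self._fetch, self._clock = fetch, clock
        self._token, self._expires = None, 0.0

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires - REFRESH_SKEW:
            # Credentials are read server-side from the environment (variable names
            # are assumptions) and are never written to logs or shipped to a client.
            self._token = self._fetch(os.environ["EXIROM_MERCHANT_KEY"],
                                      os.environ["EXIROM_MERCHANT_SECRET"])
            self._expires = jwt_exp(self._token) or now + TOKEN_TTL
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}
```

Pass `TokenCache().auth_header()` as the headers of each subsequent API call; the `fetch` and `clock` parameters exist so the cache can be exercised without network access.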
Example request body:

```json
{
  "merchantKey": "example_merchantKey",
  "merchantSecret": "example_merchantSecret"
}
```

Example response:

```json
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtZXJjaGFudF8xMjMiLCJpYXQiOjE3MDk4..."
```

#Error Responses
| HTTP Status | Description |
|---|---|
| 400 | Bad Request — missing or invalid parameters. Check the response body for field-level details. |
| 404 | Not Found — the requested resource does not exist. |
| 500 | Internal Server Error — an unexpected error occurred. Retry with exponential backoff. |
```bash
curl -X POST https://sandbox.api.exirom.com/api/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
    "merchantKey": "TEST_MERCHANT_KEY",
    "merchantSecret": "TEST_MERCHANT_SECRET"
  }'
```

#Try It
Sandbox: https://sandbox.api.exirom.com/api