Authentication and Authorization

CXP uses a combination of a user name, password, and authentication tokens for API requests. The user name and password are utilized to call the token endpoint to obtain an authentication token; there is one token for Sale requests and one token for Card Issuing (purchase) requests. Each token is valid for 24 hours from the time it is issued and it may be used for all requests during its 24-hour lifespan.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without a valid authentication token will also fail. If a token has expired, an “HTTP 401” error is returned as the API response.

The Sales Token Endpoint in Sandbox is:

The Card Issuing Token Endpoint in Sandbox is: