Integration Model

Accessing the Platform

Access to the Payblr APIs is based on OAuth 2.0 using the Client Credentials grant type.

Each Client is provisioned with an application that includes:

  • client_id

  • client_secret

These credentials are used to obtain an access token.

Obtaining an Access Token

To authenticate:

  1. Send a POST request to the token endpoint.

  2. Provide client_id and client_secret.

  3. Receive a JWT access token.

  4. Include the token in API requests using the Authorization header.

Example:

Authorization: Bearer <access_token>

The access token determines the Client context and the permissions associated with the application.
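The four steps above as a client-side sketch. This is an added example, not Payblr's own code. It assumes a placeholder token endpoint URL (the page does not give one), credentials sent in an HTTP Basic header, and a token response with the access_token, token_type and expires_in fields of RFC 6749 section 5.1.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder: the page does not give the token endpoint URL.
TOKEN_URL = "https://auth.example.invalid/oauth/token"

def build_token_request(client_id, client_secret, token_url=TOKEN_URL):
    """Steps 1-2: POST grant_type=client_credentials (RFC 6749, section 4.4).
    Assumption: the credentials travel in an HTTP Basic header."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")  # never send the secret in clear
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        method="POST",
        headers={
            "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )

def send(request):
    """Default transport: performs the HTTPS call and parses the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenProvider:
    """Step 3: keep the JWT in memory only and renew it shortly before expiry."""
    def __init__(self, client_id, client_secret, transport=send, skew=30, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.transport, self.skew, self.clock = transport, skew, clock
        self.access_token, self.expires_at = None, 0.0

    def token(self):
        if self.access_token is None or self.clock() >= self.expires_at - self.skew:
            data = self.transport(build_token_request(self.client_id, self.client_secret))
            if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
                raise RuntimeError("unexpected token response")
            self.access_token = data["access_token"]
            self.expires_at = self.clock() + int(data.get("expires_in", 0))
        return self.access_token

    def auth_header(self):
        """Step 4: header to attach to every API request."""
        return {"Authorization": f"Bearer {self.token()}"}
```

Load client_id and client_secret from a secret store or environment variable rather than source code, and keep one TokenProvider per environment.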

Client Scope

Client scope is not passed in the request path or headers.

Client context is derived from the registered application associated with the access token.

Each application is mapped to a specific Client.

All API requests are automatically scoped to that Client.

API Visibility Levels

The Developer Portal provides two documentation access levels:

Standard APIs

  • Visible to all developers.

  • Accessible using valid client credentials.

Admin APIs

  • Visible only to registered Developer Portal users.

  • Require approved access.

  • Intended for Global Admin operations.

Access to Admin APIs requires registration and authorization.

Environments

The platform provides multiple isolated environments to support different stages of development, testing, and deployment:

  • Development (Dev)

  • User Acceptance Testing (UAT)

  • Sandbox

  • Production

Credentials are environment-specific and cannot be reused across environments.