Skip to main content
POST
/
auth
/
api
/
v1
/
generate-token
Get Authentication token
curl --request POST \
  --url https://dev.waftpay.io/auth/api/v1/generate-token \
  --header 'Content-Type: application/json' \
  --data '
{
  "consumer_key": "APP_CONSUMER_KEY",
  "consumer_secret": "APP_CONSUMER_SECRET"
}
'
import requests

url = "https://dev.waftpay.io/auth/api/v1/generate-token"

payload = {
"consumer_key": "APP_CONSUMER_KEY",
"consumer_secret": "APP_CONSUMER_SECRET"
}
headers = {"Content-Type": "application/json"}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {'Content-Type': 'application/json'},
body: JSON.stringify({consumer_key: 'APP_CONSUMER_KEY', consumer_secret: 'APP_CONSUMER_SECRET'})
};

fetch('https://dev.waftpay.io/auth/api/v1/generate-token', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://dev.waftpay.io/auth/api/v1/generate-token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'consumer_key' => 'APP_CONSUMER_KEY',
'consumer_secret' => 'APP_CONSUMER_SECRET'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://dev.waftpay.io/auth/api/v1/generate-token"

payload := strings.NewReader("{\n \"consumer_key\": \"APP_CONSUMER_KEY\",\n \"consumer_secret\": \"APP_CONSUMER_SECRET\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://dev.waftpay.io/auth/api/v1/generate-token")
.header("Content-Type", "application/json")
.body("{\n \"consumer_key\": \"APP_CONSUMER_KEY\",\n \"consumer_secret\": \"APP_CONSUMER_SECRET\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://dev.waftpay.io/auth/api/v1/generate-token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n \"consumer_key\": \"APP_CONSUMER_KEY\",\n \"consumer_secret\": \"APP_CONSUMER_SECRET\"\n}"

response = http.request(request)
puts response.read_body
{
  "status": true,
  "message": "Request processed successfully",
  "token": "abcdeFGHIjklmno@1234567890...",
  "expires_in": 3600
}
{
"status": false,
"message": "Invalid consumer key or secret",
"token": "",
"expires_in": 0
}

Overview

Use this endpoint to exchange your consumer_key and consumer_secret for a short-lived Bearer token. This is a server-to-server flow and does not require an existing Bearer token.
Use this token when calling protected Waftpay APIs such as Collections, Payouts, Remittance, Checkout, Wallet Balance, and Transaction Status Query.

Environments

EnvironmentBase URL
Sandboxhttps://dev.waftpay.io
Productionhttps://waftpay.io
Sandbox and Production credentials are separate. Use Sandbox credentials on https://dev.waftpay.io and Production credentials on https://waftpay.io.

Endpoint

POST /auth/api/v1/generate-token

Full URLs

EnvironmentURL
Sandboxhttps://dev.waftpay.io/auth/api/v1/generate-token
Productionhttps://waftpay.io/auth/api/v1/generate-token

Request body

{
  "consumer_key": "APP_CONSUMER_KEY",
  "consumer_secret": "APP_CONSUMER_SECRET"
}
FieldTypeRequiredDescription
consumer_keystringYesYour product-specific consumer key.
consumer_secretstringYesYour product-specific consumer secret.

Example request

curl --request POST \
  --url https://dev.waftpay.io/auth/api/v1/generate-token \
  --header 'Content-Type: application/json' \
  --data '{
    "consumer_key": "APP_CONSUMER_KEY",
    "consumer_secret": "APP_CONSUMER_SECRET"
  }'

Example response (success)

{
  "status": true,
  "message": "Request processed successfully",
  "token": "abcdeFGHIjklmno@1234567890...",
  "expires_in": 3600
}

Response fields

FieldTypeDescription
statusbooleanIndicates whether the token request was successful.
messagestringHuman-readable response message.
tokenstringBearer token to use on protected API requests.
expires_innumberToken validity duration in milliseconds.

Using the token

Use the token in the Authorization header:
Authorization: Bearer <token>
Example:
curl --request GET \
  --url https://dev.waftpay.io/tsq/api/v1/wallet-balances \
  --header 'Authorization: Bearer <token>'

Token lifecycle

1

Generate token

Call this endpoint using your product-specific consumer credentials.
2

Cache token securely

Store the token server-side and reuse it for subsequent API requests until it expires.
3

Refresh on expiry

Generate a new token only when the current token expires or becomes invalid.

Notes

  • Use the credentials for the specific product you are calling: Payouts, Collections, Remittance, Checkout, Wallet Balance, or Transaction Status Query.
  • This endpoint does not require Bearer authentication.
  • Never expose your consumer_secret in frontend or mobile applications.
  • If you regenerate your keys, the old credentials stop working immediately.

Body

application/json
consumer_secret
string
required
consumer_key
string<password>
required

Response

Authentication token generated successfully

status
boolean
required

Indicates if the request was successful

Example:

true

message
string
required
Example:

"Request processed successfully"

token
string
required

JWT bearer token to use in Authorization header

expires_in
integer
required

Token validity in milliseconds

Example:

3600