3. Authorization (Authentication)
3.1 AccessToken Retrieval
Endpoint: POST /auth/api/token/connect
Base URL: https://pgw.netahsilatdemo.com
Request
{
"apiKey": "YOUR_API_KEY",
"secretKey": "YOUR_SECRET_KEY"
}
Response
{
"expiry": "2025-09-18T09:07:17Z",
"token": "ACCESS_TOKEN",
"type": "Bearer"
}
Request Body
| Area | Type | Mandatory | Description |
|---|---|---|---|
| apiKey | string | ✔ | Merchant-specific public key |
| secretKey | string | ✔ | Merchant-specific secret key |
Response Body
| Area | Type | Description |
|---|---|---|
| token | string | JWT token to be used in API calls |
| expiry | datetime | Token validity period |
| type | string | Token tipi (Bearer) |
Use
On all API calls
Authorization: Bearer {ACCESS\_TOKEN}
Important Notes
- If token expires → 401 Unauthorized
- Token expiry check should be done on the system side
- Automatic refresh is recommended in case of expiration