Authentication
2.1 Creating an AccessToken
A valid AccessToken must be obtained before any request to VPWS services.
What is an AccessToken?
It is a security key that must be obtained before sending requests to the API; it validates the dealer's identity.
It must be renewed when it expires. Otherwise, requests receive a 401 Unauthorized error.
Prerequisites
License Definition
The VPWS API license must be active in the Customers and Dealers → Dealer Payment Service Information tab.
Service Permissions
- The relevant endpoints must be active in the "Dealer Payment Service Information" tab.
- Minute and Request limits of 0 indicate unlimited usage.
API Keys
| Field | Description |
|---|---|
| ApiKey | Key assigned on a per-dealer basis |
| SecretKey | Secret key provided to the dealer representative |
AccessToken Acquisition Service
- Address: /auth/api/token/connect
- Method: POST
- Example Request
{
  "apiKey": "DEALER_API_KEY",
  "secretKey": "DEALER_SECRET_KEY"
}
- Example Response
{
  "expiry": "2025-09-18T09:07:17.6884225Z",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "type": "Bearer"
}
2.2 Token Expiry and Renewal
Token Validity Period
- AccessToken is valid for 24 hours.
- All requests made with an expired token return 401 Unauthorized.
Token Renewal
When the token expires, a new token must be obtained using the same ApiKey and SecretKey.
It is recommended that the system:
- checks the token expiry,
- automatically renews the token if it has expired,
- then resends the request.
Usage Format
The token must be sent in the following format with every request:
Authorization: Bearer {AccessToken}
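
An added example (not VPWS's own code) of the check, renew, resend flow recommended above, sending the token in the Authorization: Bearer format. The `send` transport callable, the 60-second skew margin and the single retry on 401 are assumptions; only the token endpoint, the request and response fields and the 24-hour validity come from this page.

```python
import re
from datetime import datetime, timedelta, timezone

TOKEN_PATH = "/auth/api/token/connect"  # token endpoint given on this page

def parse_expiry(value):
    # The "expiry" field carries 7 fractional digits (e.g. ...17.6884225Z);
    # Python datetimes hold 6, so trim before converting.
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError("unexpected expiry format: %r" % value)
    frac = (m.group(2) or "0")[:6].ljust(6, "0")
    dt = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int(frac), tzinfo=timezone.utc)

class TokenClient:
    # send is a hypothetical transport: send(method, path, headers, body)
    # returns (status_code, parsed_json_or_None). Plug in your HTTPS client.
    def __init__(self, send, api_key, secret_key, now=None,
                 skew=timedelta(seconds=60)):
        self._send = send
        self._creds = {"apiKey": api_key, "secretKey": secret_key}
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._skew = skew  # assumed safety margin for clock drift
        self._token = self._expiry = None

    def _renew(self):
        _, body = self._send("POST", TOKEN_PATH, {}, self._creds)
        body = body or {}
        if "token" not in body or body.get("type") != "Bearer":
            # Never include credentials or the response body in the error.
            raise RuntimeError("token request was rejected")
        self._token, self._expiry = body["token"], parse_expiry(body["expiry"])

    def request(self, method, path, body=None):
        # 1. Check the expiry and renew before sending if needed.
        if self._token is None or self._now() >= self._expiry - self._skew:
            self._renew()
        for attempt in range(2):
            headers = {"Authorization": "Bearer " + self._token}
            status, resp = self._send(method, path, headers, body)
            # 2. On 401, renew once and resend; a second 401 is returned
            #    to the caller instead of looping on bad credentials.
            if status != 401 or attempt == 1:
                return status, resp
            self._renew()
```

Keep the ApiKey and SecretKey out of source control and logs; the client above holds them in memory only and never writes them to error messages.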