Create access token

Exchange an API key's client secret for a Bearer JWT access token. Pass the returned access_token as Authorization: Bearer <token> on every other endpoint.

Tokens are valid for 60 minutes. Cache them on your backend — this endpoint is rate limited to 10 requests per minute.

The client secret is a long-lived credential. Only ever send it from a backend you control.

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

grant_type*string

Must be the literal string client_credentials.

Value in"client_credentials"

client_secret*string

The secret shown once when the API key was created. Store on your backend only.

client_id?string

Optional. If present, must match the client_id for this API key. You can authenticate with the client secret alone.

Response Body

`application/json`

curl -X POST "https://payment-api.openfinance.aryze.io/v1/auth/token" \  -H "Content-Type: application/json" \  -d '{    "grant_type": "client_credentials",    "client_secret": "cs_live_abc123..."  }'

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "environment": "live"
}

{
  "error": "unsupported_grant_type",
  "error_description": "Only 'client_credentials' grant type is supported"
}

{
  "error": "invalid_client",
  "error_description": "Invalid client credentials"
}

{
  "error": "account_frozen",
  "error_description": "Your account has been frozen due to unpaid invoices. Please contact support or pay outstanding invoices to restore access.",
  "freeze_reason": "unpaid_invoices",
  "frozen_at": "2026-04-10T09:00:00Z"
}

Empty

{
  "error": "invalid_client",
  "error_description": "string"
}

Create access token

Request Body

Response Body

200application/json

400application/json

401application/json

403application/json

429

500application/json

`application/json`

`application/json`

`application/json`

`application/json`

`application/json`