Mint a WebSocket Token

Mint a short-lived ws_token for browser/mobile websocket auth

curl --request POST \
  --url https://api-beta.pepay.io/api/v1/ws/token \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "scope": "merchant",
  "ttl_seconds": 60
}
'

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "scope": "merchant",
    "merchant_id": 123,
    "network_environment": null,
    "expires_at": "2025-12-21T12:34:56.000Z",
    "ws_url": "wss://api-beta.pepay.io/ws/merchant/events"
  }
}

POST

api

token

Mint a short-lived ws_token for browser/mobile websocket auth

curl --request POST \
  --url https://api-beta.pepay.io/api/v1/ws/token \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "scope": "merchant",
  "ttl_seconds": 60
}
'

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "scope": "merchant",
    "merchant_id": 123,
    "network_environment": null,
    "expires_at": "2025-12-21T12:34:56.000Z",
    "ws_url": "wss://api-beta.pepay.io/ws/merchant/events"
  }
}

Overview

Use this endpoint to mint a short-lived token for WebSocket authentication. Tokens are scoped (merchant or commerce) and can be issued with a TTL.

Authentication

Server auth: x-api-key (merchant) or x-commerce-api-key (commerce)

Request

SDK

const wsToken = await pepay.ws.token.mint({ scope: 'merchant', ttlSeconds: 60 });

cURL

curl -X POST "https://api-beta.pepay.io/api/v1/ws/token" \
  -H "x-api-key: pk_..." \
  -H "Content-Type: application/json" \
  -d '{"scope":"merchant","ttl_seconds":60}'

Response

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "scope": "merchant",
    "merchant_id": 123,
    "network_environment": null,
    "expires_at": "2025-12-21T12:34:56.000Z",
    "ws_url": "wss://api-beta.pepay.io/ws/merchant/events"
  }
}

Errors

400 invalid scope/ttl (or scope mismatch for the provided API key type)
401 invalid API key

Examples

Connect to merchant events with the minted token:

const { data } = (await pepay.ws.token.mint({ scope: 'merchant' })) as any;
const wsUrl = `${process.env.PEPAY_WS_URL ?? 'wss://api-beta.pepay.io'}/ws/merchant/events?token=${data.token}`;
console.log(wsUrl);

Next: Search commerce products

Authorizations

x-api-key

string

header

required

API key for server-to-server operations (scope=merchant or commerce)

Body

application/json

scope

enum<string>

Available options:

merchant,

commerce

ttl_seconds

integer

Example:

60

Response

Token minted

Standard ws_token mint response envelope.

success

boolean

Example:

true

data

object

Minted ws_token payload. Use data.token as token=<ws_token> when connecting to /ws/* streams.

Show child attributes

⌘I

Overview

Merchant

Tokens

Commerce

Payor

WebSockets

Webhooks

Mint a WebSocket Token

Overview

Authentication

Request

SDK

cURL

Response

Errors

Examples

Authorizations

Body

Response

Overview

Merchant

Tokens

Commerce

Payor

WebSockets

Webhooks

​Overview

​Authentication

​Request

​SDK

​cURL

​Response

​Errors

​Examples

Authorizations

Body

Response

Overview

Authentication

Request

SDK

cURL

Response

Errors

Examples