Drop developers
Authentication
Drop separates human portal access from system-to-system integration access.
Verified account first
Integration access starts from a verified merchant or sender account with accountable ownership.
Private app credentials
System credentials are issued only after approval and should be stored by the merchant backend, never in browser code.
Scoped access
Access is limited to the merchant or workflow it belongs to, so integrations cannot see unrelated Drop activity.
Credential rotation
Drop expects credentials to be rotated when teams, systems, or security posture changes.
Access notes
No public credential examples or token request examples are published here.
Approved implementation instructions are available inside verified Drop workspaces.
Private implementation
Need the full integration guide?
Detailed request examples, credentials, webhook verification material, and production setup steps are shared only inside verified Drop accounts.