Drop Docs

Authentication

Merchant systems authenticate separately from portal users. Use client credentials for API access and bearer tokens for subsequent requests.

Client credentials flow

Create an API app in the portal, keep the client secret secure, exchange credentials for an access token, and rotate secrets through the portal when needed.

Request an access token

bash

curl -X POST https://api.dropsa.co.za/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "drop_app_client_id",
    "client_secret": "drop_app_secret"
  }'

Use the token

bash

curl https://api.dropsa.co.za/v1/orders/ord_123 \
  -H "Authorization: Bearer <access_token>"