Authentication
Overview
POSaBIT uses two different authentication methods depending on the API version:
| Version | Method | Tokens Required |
|---|---|---|
| V3 | HTTP Basic Authentication | Integrator token + Venue token |
| V1 / V2 | Bearer Token | Venue API token |
V3 Authentication (Recommended)
The v3 API requires two tokens to authenticate each request: an integrator API token and a venue API token.
Both tokens are combined using HTTP Basic Authentication:
Step 1 — Combine the tokens
integrator_api_token:venue_api_token
Step 2 — Base64 encode the combined string
echo -n "integrator_token:venue_token" | base64
Step 3 — Send in the Authorization header
Authorization: Basic {base64_encoded_tokens}
Complete curl example
curl -X GET "https://app.posabit.com/api/v3/info" \
-H "Authorization: Basic $(echo -n 'INTEGRATOR_TOKEN:VENUE_TOKEN' | base64)" \
-H "Accept: application/json"
Tip:
If you have only an integrator token, you can call
GET /api/v3/info
with the venue token part blank. This returns a list of all available venues for your integrator with their tokens.
V1 / V2 Authentication (Legacy)
The legacy API versions use a simple Bearer token in the Authorization header:
curl -X GET "https://app.posabit.com/api/v2/venue/customers" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Accept: application/json"
Note:
V1 and V2 APIs will be deprecated. Please migrate to V3 as soon as possible.
Error Responses
| Status | Description |
|---|---|
401
|
Invalid or missing authentication credentials |
403
|
Valid credentials but insufficient permissions |
404
|
Resource not found or not accessible with current token |