APIs for Businesses
Home
APIs
  • Checkout/ Deeplink
  • Merchant Proxy
  • Bill24 Hosted
  • Auto Direct Debit
  • KHQR Integration Specification for API
  • Notification API
  • On Boarding Sub Biller API
Home
APIs
  • Checkout/ Deeplink
  • Merchant Proxy
  • Bill24 Hosted
  • Auto Direct Debit
  • KHQR Integration Specification for API
  • Notification API
  • On Boarding Sub Biller API
CHECKOUT/ DEEPLINK
Merchant ProxyBill24 HostedAuto Direct DebitKHQR Integration Specification for APINotification APIPayment Method
CHECKOUT/ DEEPLINK
Merchant ProxyBill24 HostedAuto Direct DebitKHQR Integration Specification for APINotification APIPayment Method
  1. CHECKOUT/ DEEPLINK
  • CHECKOUT/ DEEPLINK
    • Overview
    • Webhook
    • Full Example
    • FAQ
    • Flutter SDK
    • MOBILE SDKS
      • iOS SDK
      • Android SDK
    • WEB SDKS
      • Web SDK
    • Authorization
      POST
    • Transaction Initiation
      POST
    • Transaction Verification
      POST
    • Webhook
      POST
  1. CHECKOUT/ DEEPLINK

Authorization

POST
https://merchantapi-demo.bill24.io/merchantsecurity/authorize
This endpoint is used to authorize users to obtain a token for accessing the API.
NOTE
Merchant is required to initiate an authorization process to obtain a token for accessing all API endpoints.
if token expired you can use refreshToken to get new token.
Required fields: client_id secret refreshToken

Request

Header Params
Accept
string 
required
Example:
application/json
Content-Type
string 
required
Example:
application/json
Body Params application/json
token
string 
required
Merchant token (provided by Bill24)
clientId
string 
required
ClientId (provided by Bill24)
secret
string 
required
Secret (provided by Bill24)
refreshToken
string 
optional
Refresh Token is used to extend the expiration date without requiring a token.
Example
{
  "token": "3687203e-1cf4-43de-8a1c-c2192248132a",
  "clientId": "supplier_client",
  "secret": "q<8X8Eu4,Lr[4sxn",
  "refreshToken": ""
}

Request samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://merchantapi-demo.bill24.io/merchantsecurity/authorize' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
    "token": "3687203e-1cf4-43de-8a1c-c2192248132a",
    "clientId": "supplier_client",
    "secret": "q<8X8Eu4,Lr[4sxn",
    "refreshToken": ""
}'

Responses

🟢200OK
application/json
Body
code
integer 
optional
Response code
message
string 
optional
Response message
data
object 
required
issuer
string 
required
The URL where the token was issued
token
string 
required
The Bearer token used for API requests
refreshToken
string 
required
The token is used to obtain a new access token when the current one expires.
tokenExpireTime
string 
required
The time when the token expires.
Example
{
  "code": 200,
  "message": "",
  "data": {
    "issuer": "http://192.168.197.18:23030",
    "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjZCOUY3RDZBMjA2MTQxQzkzQ0I2NEVFNjRGOTBBNUQwQTQzO",
    "refreshToken": "65EE30E135B51D343F077738345CBDEEA66A3A796494F172DCF2EE6C9C1E0B7B",
    "tokenExpireTime": "2024-06-24T14:46:07.8930774+07:00"
  }
}
🟠404Record not found
🟠400Invalid input
Modified at 2025-03-20 07:57:37
Previous
Web SDK
Next
Transaction Initiation