Paypack uses a JWT token to authenticate requests. The token is obtained by logging in to the Paypack dashboard and creating an application. The token is then passed in the Authorization header of all requests.
An application is a way developers and other companies consume Paypack payment system via an Application programming interface (API). Applications can be created with different privileges, such as read only, read & write, cashin or cashout.
After creating an application, a set of client_id and client_secret values is generated, which is useful in API authentication.
For security reasons, the client_secret is only displayed once after creation, so make sure you copy it. An application is authenticated using client_id and client_secret.
${ BASE_URL } / auth / agents / authorize
Copy to clipboard Field Type Description Accept string application/json Content-Type string application/json
Field Type Description client_id string The client_id of the application. client_secret string The client_secret of the application.
cURL curl --location --request POST 'https://payments.paypack.rw/api/auth/agents/authorize' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"client_id": "xxxxx-xxxx-xxxx-xxxx-xxxxxxx",
"client_secret": "xxxxxxxxxxxxxxxxxxxx"
}'
Copy to clipboard Go package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://payments.paypack.rw/api/auth/agents/authorize"
method := "POST"
payload := strings.NewReader(`{
"client_id": "xxxxx-xxxx-xxxx-xxxx-xxxxxxx",
"client_secret": "xxxxxxxxxxxxxxxxxxxx"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Accept", "application/json")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Copy to clipboard JavaScript var request = require ( 'request' );
var options = {
'method' : 'POST' ,
'url' : 'https://payments.paypack.rw/api/auth/agents/authorize' ,
'headers' : {
'Content-Type' : 'application/json' ,
'Accept' : 'application/json'
},
body: JSON . stringify ({
"client_id" : "xxxxx-xxxx-xxxx-xxxx-xxxxxxx" ,
"client_secret" : "xxxxxxxxxxxxxxxxxxxx"
})
};
request (options, function ( error , response ) {
if (error) throw new Error (error);
console. log (response.body);
});
Copy to clipboard PHP
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://payments.paypack.rw/api/auth/agents/authorize',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{
"client_id": "xxx-xxx-xxx-xxx",
"client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}',
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Copy to clipboard Python import requests
import json
url = "https://payments.paypack.rw/api/auth/agents/authorize"
payload = json.dumps({
"client_id": "xxxxx-xxxx-xxxx-xxxx-xxxxxxx",
"client_secret": "xxxxxxxxxxxxxxxxxxxx"
})
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
}
response = requests.request("POST", url, headers=headers, data=payload)
Copy to clipboard {
"access" : "xxxxxxxxxxxxxxxxxxxx" ,
"refresh" : "xxxxxxxxxxxxxxxxxxxx" ,
"expires" : "xxxxxxxx"
}
Copy to clipboard A refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again. Access tokens typically last for 15 minutes afterwards they need to be refreshed again.
${ BASE_URL } / auth / agents / refresh / {refresh_token}
Copy to clipboard Field Type Description Accept string application/json Content-Type string application/json
Field Type Description refresh_token string The refresh token.
cURL curl --location --request GET 'https://payments.paypack.rw/api/auth/refresh/{refresh_token}' \
--header 'Accept: application/json'
Copy to clipboard Go package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://payments.paypack.rw/api/auth/refresh/{your_refresh_token}"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Accept", "application/json")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Copy to clipboard JavaScript var request = require ( 'request' );
var options = {
'method' : 'GET' ,
'url' : 'https://payments.paypack.rw/api/auth/refresh/{your_refresh_token}' ,
'headers' : {
'Accept' : 'application/json'
}
};
request (options, function ( error , response ) {
if (error) throw new Error (error);
console. log (response.body);
});
Copy to clipboard PHP <?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://payments.paypack.rw/api/auth/refresh/{refresh_token}',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Copy to clipboard Python import requests
url = "https://payments.paypack.rw/api/auth/refresh/{your_refresh_token}"
payload={}
headers = {
'Accept': 'application/json'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
Copy to clipboard {
"access" : "xxxxxxxxxxxxxxxxxxxx" ,
"refresh" : "xxxxxxxxxxxxxxxxxxxx" ,
"expires" : "xxxxxxxx"
}
Copy to clipboard