APIs for Businesses
Home
APIs
  • Checkout/ Deeplink
  • Merchant Proxy
  • Bill24 Hosted
  • Auto Direct Debit
  • KHQR Integration Specification for API
  • Notification API
  • On Boarding Sub Biller API
Home
APIs
  • Checkout/ Deeplink
  • Merchant Proxy
  • Bill24 Hosted
  • Auto Direct Debit
  • KHQR Integration Specification for API
  • Notification API
  • On Boarding Sub Biller API
CHECKOUT/ DEEPLINKMerchant ProxyBill24 HostedAuto Direct DebitKHQR Integration Specification for APINotification API
Payment Method
CHECKOUT/ DEEPLINKMerchant ProxyBill24 HostedAuto Direct DebitKHQR Integration Specification for APINotification API
Payment Method
  1. Authorization
  • Notification API
    • Overview
    • Full Example
    • Authorization
      • Authorization
        POST
    • Notification Channel
      • SMS
      • Telegram
      • Email
  1. Authorization

Authorization

POST
https://merchantapi.bill24.io/merchantsecurity/authorize
Authorization
To access the API, you need to provide a Bearer token for authorization. You can obtain this token through the Security API.
Steps to Obtain the Bearer Token
1.
Send a request to the Security API with the specified request body.
2.
Get the token from the response.
3.
Use this token as a Bearer token in the authorization header for all API requests.
Note refreshToken is optional and can be used with clientId and secret to get a new token when the current one expires.

Request

Body Params application/json
token
string 
required
Provide by Bill24
clientId
string 
required
Provide by Bill24
secret
string 
required
Provide by Bill24
refreshToken
string 
optional
optional
Example
{
  "token": "88b71260-f630-4b03-914",
  "clientId": "supplier_client",
  "secret": "q<8X8Eu4,Lr[4sxn",
  "refreshToken": ""
}

Request samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST 'https://merchantapi.bill24.io/merchantsecurity/authorize' \
--header 'Content-Type: application/json' \
--data-raw '{ "token": "88b71260-f630-4b03-914", "clientId": "supplier_client", "secret": "q<8X8Eu4,Lr[4sxn", "refreshToken": ""}'

Responses

🟢200Success
application/json
Body
code
string 
optional
Success status of the request.
message
string 
optional
message provided
data
object 
required
issuer
string 
required
The URL where the token was issued
token
string 
required
The Bearer token used for API requests
refreshToken
string 
required
Token used to get a new access token.
tokenExpireTime
string 
optional
The time when the token expires.
Example
{
  "code": 200,
  "message": "",
  "data": {
    "issuer": "http://192.168.197.18:22030",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.S3KrEtOk1N7ahkysNBaa7yD7QEjFVr8k8Coxxbs90uA",
    "refreshToken": "d1f6d2f0b1a643c78578860b74a6b7bb5b0f95a4f9706b8e9d7bfe6a639bde8f",
    "tokenExpireTime": "2025-03-03T16:58:46.9386571+07:00"
  }
}
🟠400Invalid input
Previous
Full Example
Next
SMS