Skip to main content
All API requests to /v1/* endpoints require a Bearer token in the Authorization header.

Obtaining credentials

  1. Log in to the YuvexPay dashboard.
  2. Navigate to Settings > API Credentials.
  3. Click Create credential and choose the environment (sandbox or production).
  4. Save the client_id and client_secret securely.
The client_secret is shown only once at creation. Store it in a secure location like a secrets manager.

Generating a token

Exchange your credentials for an access token using the OAuth 2.0 client credentials flow: 
curl -X POST https://api.yuvexpay.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "grant_type": "client_credentials"
  }'
Response
{
  "access_token": "ypt_abc123example",
  "token_type": "Bearer",
  "expires_in": 3600,
  "company_id": "comp_abc123",
  "company_name": "My Store"
}

Using the token

Include the token in the Authorization header of every API request: 
curl https://api.yuvexpay.com/v1/payments \
  -H "Authorization: Bearer ypt_abc123example"

Token lifecycle

PropertyValue
Expiration1 hour (3600 seconds)
Max active tokens2 per credential
Access token prefixypt_
Production client_secret prefixsk_prod_
Sandbox client_secret prefixsk_sandbox_
Tokens expire after 1 hour. Your application should generate a new token before the current one expires. If you exceed the maximum of 2 active tokens per credential, the oldest token is automatically revoked.

Environments

The same API URL (https://api.yuvexpay.com) serves both production and sandbox requests. The environment is determined by which credentials you use to generate the token:
  • Production credentials use sk_prod_* client secrets and produce ypt_* bearer tokens that process real transactions.
  • Sandbox credentials use sk_sandbox_* client secrets and produce ypt_* bearer tokens that simulate transactions without moving real money.
Use sandbox credentials during development and testing. Switch to production credentials when you’re ready to go live.