Skip to main content

Documentation Index

Fetch the complete documentation index at: https://api.corpay.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

All API requests must be authenticated using a bearer token (JWT).
  • Protocol: HTTPS
  • Authentication: Bearer token
  • Header: Authorization

Base URL

<BASE_URL> Use the appropriate base URL for your environment:
  • Test: https://apigwuat.corpay.com
Production URL will be provided after successful onboarding and testing.

Getting Access Token

To access the API, you must first obtain an access token. This requires a client_id and client_secret, which Corpay provides after onboarding is complete. Endpoint: POST <BASE_URL>/keycloak/realms/longship/protocol/openid-connect/token

Request

# Replace <BASE_URL> with the appropriate host for your environment

curl "<BASE_URL>/keycloak/realms/longship/protocol/openid-connect/token" \
  --header 'accept: application/json' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=your_client_id' \
  --data-urlencode 'client_secret=your_client_secret'

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia----",
  "expires_in": 36000,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "profile email"
}

Using the Access Token

Include the token in every request header: 
Authorization: Bearer <access_token>
  • In test, tokens may have a longer lifetime, for example 36000 seconds.
  • In production, tokens typically expire after 3600 seconds, or one hour.