The Payroc API uses Bearer tokens to authenticate requests. To generate a Bearer token, include your API token in the 'x-api-key' parameter in the header of a request to the Payroc Identity Service.

API key best practices

  • Grant API keys with the least amount of privilege to carry out target tasks.
  • Do not share API keys.
  • Do not use API keys in publicly accessible areas, for example, client-side code.
Use HTTPS for all requests to the Payroc API. We reject all HTTP requests, and all requests that are not properly authenticated.


Identity Service endpoint:
curl --location --request POST '' --header 'x-api-key: <api key>'


"access_token": "eyJhbGc....adQssw5c",
"expires_in": 3600,
"scope": "service_a service_b",
"token_type": "Bearer"
Include the access_token as a Bearer token in all future requests to the Payroc API, for example:


-H "Authorization: Bearer <access token>"