The Payment API 2.0 and additional services using the OAuth 2.0 protocol with JSON Web Tokens (JWT) for authentication and authorization. Ratepay will provide you with a set of credentials (client ID and client secret).


The credentials must be handled with care and confidentiality. They are not to be disclosed to any third parties.

To send a request, perform the following steps:

  1. Request an access token from the Ratepay authorization server.
  2. Extract the token from the response.
  3. Include the token in the request to the Payment API or additional service.

Do re-use the token for all requests (Payment API 2.0 and additional services) within it’s validity.
Validity (in seconds) can be also found in the response.

authentication flow