Authentication is initially done via API Key and API Secret.
You will receive an access_token
which is valid for 24 hours and a refresh_token
which is valid for 48 hours. You can use this to re-authenticate on an ongoing basis.
If you run into a 401
response, simply re-authenticate via API Key and Secret.
Re-authentication should not happen on every request as this would unnecessarily delay the checkout process.
For requests on the authentication endpoints we recommend a timeout of 3-4 seconds.