Authentication
All PPCBank APIs use Bearer Token authentication. You must obtain an Auth Token before making any API request.
Bearer Token Authentication
Include the Bearer Token in the Authorization header of every API request.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...How to Obtain a Bearer Token
Follow these steps to generate your Auth Token before calling any API:
- Receive your credentials from PPCBank and call the Generate Auth Token API to obtain a token
- Copy the accessToken from the response
- Use the token in all subsequent API requests as: Authorization: Bearer {accessToken}
- Re-authenticate when the token expires (a 401 Unauthorized response indicates expiry)
Token Management Best Practices
- Store tokens securely: Never expose tokens in client-side code or public repositories
- Handle token expiration: Implement logic to detect expired tokens and automatically re-authenticate
- Refresh proactively: Consider refreshing tokens before they expire to avoid service interruptions
- Use HTTPS only: Always send tokens over encrypted connections