Authentication
All requests to the SaligPay API require authentication using OAuth 2.0. You must first obtain an access token which is then used in subsequent API calls.
Authentication Endpoints
| Endpoint | Method | Description |
|---|---|---|
| /api/oauth/token | POST | Issue an OAuth access token for server-side API calls. |
Authenticate and Get Access Token
To authenticate and obtain an access token, make a POST request to the authentication endpoint with your client credentials.
Request: POST /api/oauth/token

```bash
curl -X POST "https://api.saligpay.com/api/oauth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "grant_type": "client_credentials"
  }'
```

Token Management Utility
For efficient token management, we recommend implementing a utility that handles token storage, refreshing, and validation:
Token Cache Helper (TypeScript)
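```typescript
// In-memory cache for the current access token and its expiry (ms since epoch).
let token: string | null = null;
let tokenExpiresAt = 0;

export async function getAccessToken(): Promise<string> {
  // Reuse the cached token while it is still valid.
  if (token && Date.now() < tokenExpiresAt) return token;

  const res = await fetch("https://api.saligpay.com/api/oauth/token", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      client_id: process.env.SALIGPAY_CLIENT_ID,
      client_secret: process.env.SALIGPAY_CLIENT_SECRET,
      grant_type: "client_credentials",
    }),
  });
  // Fail loudly instead of caching an undefined token from an error response.
  if (!res.ok) throw new Error(`Token request failed with HTTP ${res.status}`);

  const data = (await res.json()) as { access_token: string; expires_in: number };
  const accessToken = data.access_token;
  token = accessToken;
  // Treat the token as expired 60 seconds early so it is renewed before it lapses.
  tokenExpiresAt = Date.now() + (data.expires_in - 60) * 1000;
  return accessToken;
}
```

Security Notes: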
• Store client secrets only on trusted server environments.
• Never expose access tokens in browser-local storage for production traffic.
• Refresh tokens before expiry to avoid request spikes and retries.
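
With a module-level cache like the helper above, callers that arrive together after expiry each see a stale token and each send their own token request. The following is an added example, not SaligPay code, that shares one in-flight request between concurrent callers and validates the response before caching it. `createTokenCache`, `parseTokenResponse` and `Fetcher` are hypothetical names, and the injected fetcher is assumed to perform the POST to `/api/oauth/token` and resolve to the parsed JSON body.

```typescript
// Added example (not SaligPay code). createTokenCache, parseTokenResponse and
// Fetcher are hypothetical names; access_token and expires_in are the fields
// the page's helper reads.
type TokenResponse = { access_token: string; expires_in: number };
// Performs POST /api/oauth/token and resolves to the parsed JSON body.
type Fetcher = () => Promise<unknown>;

// Reject malformed or error bodies instead of caching undefined / NaN.
function parseTokenResponse(body: unknown): TokenResponse {
  const b = body as Partial<TokenResponse> | null;
  if (!b || typeof b.access_token !== "string" || b.access_token.length === 0) {
    throw new Error("token response missing access_token");
  }
  if (typeof b.expires_in !== "number" || !isFinite(b.expires_in) || b.expires_in <= 0) {
    throw new Error("token response has invalid expires_in");
  }
  return { access_token: b.access_token, expires_in: b.expires_in };
}

function createTokenCache(fetcher: Fetcher, skewSeconds = 60, now: () => number = Date.now) {
  let token: string | null = null;
  let expiresAt = 0;
  let inFlight: Promise<string> | null = null;

  // Deliberately not `async`: concurrent callers get the same promise object,
  // so an expired token triggers one token request, not one per caller.
  return function getAccessToken(): Promise<string> {
    if (token !== null && now() < expiresAt) return Promise.resolve(token);
    if (inFlight) return inFlight;

    const p = fetcher().then((body) => {
      const r = parseTokenResponse(body);
      token = r.access_token;
      // Renew skewSeconds early; clamp so short lifetimes never go negative.
      expiresAt = now() + Math.max(r.expires_in - skewSeconds, 0) * 1000;
      return r.access_token;
    });
    // Clear the in-flight marker on success or failure so a failed request
    // is retried by the next caller rather than cached.
    const clear = () => { inFlight = null; };
    p.then(clear, clear);
    inFlight = p;
    return p;
  };
}
```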