Skip to main content
POST
/
v1
/
auth
/
token
Issue a Meridian Accounts access token
curl --request POST \
  --url https://sandbox-api.va.meridianpay.com/v1/auth/token \
  --header 'Content-Type: application/json' \
  --header 'X-Meridian-Api-Key: <x-meridian-api-key>' \
  --header 'X-Meridian-Program-Id: <x-meridian-program-id>' \
  --header 'X-Meridian-Signature: <x-meridian-signature>' \
  --header 'X-Meridian-Timestamp: <x-meridian-timestamp>' \
  --data '
{
  "grant_type": "client_credentials"
}
'
{
  "access_token": "access_token_abc123",
  "expires_in": 3600,
  "token_type": "Bearer",
  "refresh_token": "refresh_token_abc123",
  "scope": "enrollment:get enrollment:activate",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token"
}

Headers

X-Meridian-Program-Id
string
required

Identifies the program context for the request. Required for server-to-server (HMAC) authentication. See Authentication.

X-Meridian-User-Id
string

Identifies the Meridian user targeted by the request. Required for server-to-server (HMAC) authentication with MULTI_USER integrations; omit for SINGLE_USER. See Authentication.

X-Meridian-Api-Key
string
required

Partner API key issued by Meridian during provisioning. Required for server-to-server (HMAC) authentication. See Authentication.

X-Meridian-Timestamp
string
required

Current time in milliseconds since the Unix epoch. Must be within 60 seconds of the request. Required for server-to-server (HMAC) authentication. See Authentication.

X-Meridian-Signature
string
required

HMAC SHA-256 signature of the canonical request string, computed per request. Required for server-to-server (HMAC) authentication. See Authentication for how to construct it.

Body

application/json

Either a client_credentials or refresh_token grant payload

OAuth token request payload for Meridian Accounts authentication

grant_type
string

OAuth grant type

Example:

"client_credentials"

Response

The issued access and refresh tokens

OAuth token response for Meridian Accounts authentication

access_token
string
required

Bearer access token

Example:

"access_token_abc123"

expires_in
integer
required

Lifetime of the access token in seconds

Example:

3600

token_type
string

Type of token returned

Example:

"Bearer"

refresh_token
string | null

Refresh token that can be exchanged for a new access token

Example:

"refresh_token_abc123"

scope
string | null

Space-delimited scopes granted to the access token

Example:

"enrollment:get enrollment:activate"

issued_token_type
string

URN describing the type of issued token

Example:

"urn:ietf:params:oauth:token-type:access_token"