Skip to main content

Obtain your API credentials

Once your application is created in the Developer Console, select it to find its API Key, User ID, and Account ID.
Where to find them: the Developers page, inside the application you created. These credentials power API key authorization — primarily administrative calls and generating user access tokens.
Obtain API credentials Every Fluz API request uses a user access token in the Authorization header. You mint the token from your application’s clientId and clientSecret by calling the generateUserAccessToken mutation against the OAuth service.

Generate an access token

The response contains an access token, its lifetime, and the scopes it carries:

Use the token

Attach the token to every GraphQL request against the transactional graph:
Never ship clientSecret values to a browser or mobile client. Mint access tokens server-side and forward only the token to the client if you must.

Refresh before expiry

Access tokens are short-lived. Request a new one before the current one expires — don’t wait for a 401. See Refresh an Expired Access Token for the exact call, and Authentication for the full flow, including OAuth grants for customer-scoped tokens.

Next steps

Quickstart: your first gift card purchase

Run the full happy path end to end — deposit funds, buy a gift card, and reveal it in the sandbox.

Refresh an expired token

Swap a refresh token for a new access token without re-running the credential flow.