Skip to main content

Authentication Overview

The DCash API uses a two-level authentication system to ensure secure access:
1

Merchant Authentication

API requests are authenticated using your merchant API key via the x-api-key header
2

User Authentication

For user-specific operations, a user token is required via the Authorization header with the format Bearer {token}

How It Works

Tokens are obtained through the OAuth authorization flow. Here’s the complete process:
1

Initiate OAuth Flow

Your application redirects the user to the DCash authorization endpoint
2

User Authenticates

User logs in with their DCash credentials and approves access permissions
3

Receive Token

Upon successful authentication, DCash sends an authorization token to your pre-registered webhook endpoint
4

User Redirected

The user is redirected back to your specified redirect URL

Authorization Headers

Merchant API Key

Include your merchant API key in all requests: 
x-api-key: YOUR_MERCHANT_API_KEY

User Token

For user-specific operations, include the user’s authorization token: 
Authorization: Bearer {user_token}

Token Management

Tokens are sensitive credentials. Follow these best practices:
  • Store securely: Use appropriate encryption when storing tokens
  • Use HTTPS: Always use HTTPS for redirect URLs
  • Validate redirects: Ensure redirect URLs match your expected domain
  • Handle revocation: Users can revoke tokens through the DCash app or website
  • Re-authenticate: If a token becomes invalid, repeat the authorization flow

Getting Started

To implement authentication in your application:
  1. Register your application to receive your merchant API key
  2. Configure your webhook URL in your merchant account settings
  3. Implement the OAuth flow using the Authentication endpoint
Ready to implement? Check out the OAuth Login endpoint documentation.