Authentication Overview
The DCash API uses a two-level authentication system to ensure secure access:1
Merchant Authentication
API requests are authenticated using your merchant API key via the
x-api-key header2
User Authentication
For user-specific operations, a user token is required via the
Authorization header with the format Bearer {token}How It Works
Tokens are obtained through the OAuth authorization flow. Here’s the complete process:1
Initiate OAuth Flow
Your application redirects the user to the DCash authorization endpoint
2
User Authenticates
User logs in with their DCash credentials and approves access permissions
3
Receive Token
Upon successful authentication, DCash sends an authorization token to your pre-registered webhook endpoint
4
User Redirected
The user is redirected back to your specified redirect URL
Authorization Headers
Merchant API Key
Include your merchant API key in all requests:User Token
For user-specific operations, include the user’s authorization token:Token Management
- Store securely: Use appropriate encryption when storing tokens
- Use HTTPS: Always use HTTPS for redirect URLs
- Validate redirects: Ensure redirect URLs match your expected domain
- Handle revocation: Users can revoke tokens through the DCash app or website
- Re-authenticate: If a token becomes invalid, repeat the authorization flow
Getting Started
To implement authentication in your application:- Register your application to receive your merchant API key
- Configure your webhook URL in your merchant account settings
- Implement the OAuth flow using the Authentication endpoint
Ready to implement? Check out the OAuth Login endpoint documentation.