Foundations

Introduction
Auth
Models

Merchant Operations

Introduction
Transaction
Cart
Reporting
Funding
- Get settlement reportget
Models
- Transaction
- Transaction Metadata

Buyer Management

Introduction
Buyer
Models
Webhooks
- Buyer Updated Event

Checkout

Introduction
Application
Virtual Card
Models
Webhooks
- Application Updated Event
- Issuance Updated Event

Payments

Introduction
Payment Methods
Payments
Refunds
Models

Servicing

Introduction
Servicing
As Low As
- Get As-Low-Asget
- Get financing/loan-termsget
Financing Payment Plan
- Get Financing Payment Planget
Financing Dynamic Disclosure
- Get Financing Dynamic Disclosureget
Disclosures
Disclosure Templates
- Get a disclosure templateget
Webhooks
- Loan Details Changed Event

Tradein

Introduction
Tradein
Models

webhook

Introduction
Subscription Management
Events
- List eventsget
- Replay an eventpost
Client Management
- List JWKsget
Models
Webhooks
- Integration Test Event

Exchange Service Account JWT For Buyer JWT

post https://api-preview.platform.breadpayments.com/api/auth/buyer/token/exchange

This endpoint allows JWTs assigned role service, anonymous, or buyer to be exchanged for a JWT assigned role buyer. Request body parameters programID and merchantID are required if the associated claim(s) are present on the provided JWT.

Exchanging a service account JWT allows for a service account to perform actions on a user's behalf if necessary. Buyers should use the checkout flow instead (see /send/code + /buyer/authorize).

Exchanging an anonymous JWT allows for new users to login with their recently created buyer account. This is an alternative way of getting a buyer JWT for apps that cannot access the Authorization response header following buyer registration.

Exchanging a buyer JWT is a special case allowing previously unverified buyers who have recently OTP verified to upgrade their buyer account to reflect that verification.

time	status	user agent
Retrieving recent requests…

Loading…

URL Expired

The URL for this request expired after 30 days.

Body Params

buyerID

uuid

required

An identifier used to find an existing buyer.

merchantID

uuid

An identifier used to find an existing merchant.

programID

uuid

An identifier used to find an existing program.

Responses

`POST /api/auth/buyer/token/exchange`.

Response body

object

token

string

required

A JWT.

tokenExpiresAt

date-time

required

The timestamp value formatted per RFC3339. This does not allow nulls.

tokenType

string

The type of the token.

Headers

object

Authorization

string

The generated JWT.

Response body

object

reason

string

enum

Defaults to Request_Validation

Auth error reason codes

Request_Validation Not_Found Unauthenticated Unauthenticated_Retry_With_PII Unauthenticated_Buyer_Mismatch Unauthenticated_Buyer_Not_Found Invalid_Token Too_Many_Code_Attempts Too_Many_Unverified_Codes_Sent Dependency_Unavailable System_Failure Service_Unavailable

code

int32

required

The underlying http status code

message

string

required

A simple message in english describing the error and can be returned to the consumer

domain

string

required

The domain where the error is originating from as defined by the service

metadata

object

Any additional details to be conveyed as determined by the service. If present, will return map of key value pairs

Has additional fields

Response body

object

reason

string

required

A reason code specific to the service and can be used to identify the exact issue. Should be unique within a domain

code

int32

required

The underlying http status code

message

string

required

A simple message in english describing the error and can be returned to the consumer

domain

string

required

The domain where the error is originating from as defined by the service

metadata

object

Any additional details to be conveyed as determined by the service. If present, will return map of key value pairs

Has additional fields

Response body

object

reason

string

required

A reason code specific to the service and can be used to identify the exact issue. Should be unique within a domain

code

int32

required

The underlying http status code

message

string

required

A simple message in english describing the error and can be returned to the consumer

domain

string

required

The domain where the error is originating from as defined by the service

metadata

object

Any additional details to be conveyed as determined by the service. If present, will return map of key value pairs

Has additional fields

Response body

object

reason

string

enum

Defaults to Request_Validation

Auth error reason codes

code

int32

required

The underlying http status code

message

string

required

A simple message in english describing the error and can be returned to the consumer

domain

string

required

The domain where the error is originating from as defined by the service

metadata

object

Any additional details to be conveyed as determined by the service. If present, will return map of key value pairs

Has additional fields

Response body

object

reason

string

enum

Defaults to Request_Validation

Auth error reason codes

code

int32

required

The underlying http status code

message

string

required

A simple message in english describing the error and can be returned to the consumer

domain

string

required

The domain where the error is originating from as defined by the service

metadata

object

Any additional details to be conveyed as determined by the service. If present, will return map of key value pairs

Has additional fields

Updated 14 days ago

Authorize a Service Account

Create Org Codes

Language

Credentials

Bearer

JWT

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://api-preview.platform.breadpayments.com/api/auth/buyer/token/exchange \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

text/plain

Updated 14 days ago

Authorize a Service Account

Create Org Codes

200A response from a successful request to POST /api/auth/buyer/token/exchange.

400Response for Auth errors

401Unauthorized. Indicates that provided credentials is not valid

403Forbidden. Indicates that request cannot be authorized

404Response for Auth errors

503Response for Auth errors

`POST /api/auth/buyer/token/exchange`.