Admin endpoints use Bearer tokens obtained via the login endpoint. Application endpoints use API key authentication via headers api-key and secret-key.
Test mode secret keys have the prefix hpay_test_ and live mode secret keys have the prefix hpay_live_. Alternatively, you can use restricted API keys for granular permissions.
/api/v1/admin/login/Authenticate an admin and get access and refresh tokens. Use the access token as Bearer for admin-only endpoints.
curl -X POST "https://api.hostpay.com/api/v1/admin/login/" \-H "Content-Type: application/x-www-form-urlencoded" \-d "username=admin@example.com&password=your_password"