For a quick start using the Paymo API, you can use HTTP Basic authentication with your email and password info:
curl -u email:password
-H 'Accept: application/json'
https://app.paymoapp.com/api/clientsMost HTTP client applications support HTTP Basic authentication out of the box.
When using Paymo API with a third-party software, we recommend you using API Keys instead of asking for user's email/password.
API Keys can be generated from the Paymo application, on the My Account page.
Using an API Key is similar to Basic Auth, but instead of providing the email/password, you provide the API Key as the username and any text for the password.
For example:
curl -u YOUR_API_KEY:SOME_RANDOM_TEXT
-H 'Accept: application/json'
https://app.paymoapp.com/api/meAnother way to authenticate the API requests are by using session tokens. This token is sent by an HTTP header named X-Session
curl -H 'X-Session: abcdef01234567890'
-H 'Accept: application/json'
https://app.paymoapp.com/api/clients Anyone using the session token has the same access level as the user for whom the session token was created.
Session tokens are creating by making a POST request to
https://app.paymoapp.com/api/sessions
When making this request, you have to use HTTP Basic authentication or an API Key.
Sample request:
curl -u email:password
-H 'Accept: application/json'
https://app.paymoapp.com/api/sessionsSample response:
{
"sessions": [
{
"id": "9762c607ec2b5d9e13c423cbafeb7ec8",
"ip": "10.0.2.2",
"expires_on": "2015-02-16T13:54:41Z",
"created_on": "2015-01-16T13:54:41Z",
"updated_on": "2015-01-16T13:54:41Z",
"user_id": 1234
}
]
}A session token has an expiration date, after which it will be no longer valid.
When you want to end a session and make its token invalid, make a DELETE request to:
https://app.paymoapp.com/api/sessions/[SessionID]