Skip to main content
POST
/
auth
/
token
Generate Access Token
curl --request POST \
  --url https://api.fyatu.com/api/v3/auth/token \
  --header 'Content-Type: application/json' \
  --data '
{
  "appId": "A1B2C3D4E5F6G7H8",
  "secretKey": "your_secret_key_here",
  "grantType": "client_credentials"
}
'
{
  "success": true,
  "status": 200,
  "message": "Token generated successfully",
  "data": {
    "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBMUIyQzNENEU1RjZHN0g4IiwiYnVzIjoiTjFTMFczUThQMFYxRTVNNlE0UjNEOFo5IiwidHlwZSI6ImNvbGxlY3Rpb24iLCJzY29wZXMiOlsiY29sbGVjdDp3cml0ZSIsImNvbGxlY3Q6cmVhZCIsInBheW91dDp3cml0ZSIsInBheW91dDpyZWFkIl0sImlhdCI6MTczNjA3NTgwMCwiZXhwIjoxNzM2MTYyMjAwLCJqdGkiOiJqd3RfOWYzZTJhMWI0YzVkNjdlOCJ9.xK2pM7nV3wL8qR5tY0sF4gH9jB6eA1cD3uW2iZ8vX0mN",
    "tokenType": "Bearer",
    "expiresIn": 86400,
    "expiresAt": "2026-01-06T10:30:00+00:00",
    "appType": "collection",
    "scopes": [
      "collect:write",
      "collect:read",
      "payout:write",
      "payout:read"
    ]
  },
  "meta": {
    "requestId": "req_9f3e2a1b4c5d67e8",
    "timestamp": "2026-01-05T10:30:00+00:00"
  }
}
Getting Your Credentials: Login to FYATU Dashboard → Business Console → Select App → Settings → API Keys & Credentials

Overview

Exchange your app credentials (appId and secretKey) for a JWT access token. This token is required to authenticate all other V3 API requests.

Token Details

PropertyValue
Token TypeJWT (HS256)
Expiry24 hours (86400 seconds)
Refresh WindowUp to 5 minutes after expiry

Scopes by App Type

ScopeDescription
collect:writeCreate checkout sessions, process payments
collect:readView collection transactions
payout:writeSend payouts
payout:readView payout transactions

Using the Token

Once you have an access token, include it in the Authorization header for all API requests: 
curl -X GET https://api.fyatu.com/api/v3/collections \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Error Codes

CodeDescription
VALIDATION_ERRORMissing or invalid request parameters
AUTH_INVALID_CREDENTIALSApp not found or secret key mismatch
AUTH_APP_INACTIVEApp is suspended or archived
Store tokens securely and track the expiresAt timestamp. Refresh tokens proactively before they expire to ensure uninterrupted API access.

Body

application/json
appId
string
required

Your app ID (16 characters)

Minimum string length: 8
Example:

"DD123FR45446CECES"

secretKey
string
required

Your app secret key

Minimum string length: 16
Example:

"your_secret_key_here"

grantType
enum<string>
default:client_credentials
required

OAuth grant type (must be 'client_credentials')

Available options:
client_credentials
Example:

"client_credentials"

Response

Token generated successfully

success
boolean
Example:

true

status
integer
Example:

200

message
string
Example:

"Token generated successfully"

data
object
meta
object