Embedded Checkout authentication


To create a checkout instance, you need an access token from the Authentication API. To get the access token, you need your API credentials, which you can get from the Dashboard.

Authentication flow.

Authentication flow.


The authentication service URL and other service URLs are available in the API endpoints section.

  1. Generate an access token by executing a POST {peach-auth-service}/api/oauth/token request with your client ID, client secret, and merchant ID.

    curl --location --request POST '{peach-auth-service}/api/oauth/token'  
    --header 'content-type: application/json'  
        "clientId": "{{clientId}}",  
        "clientSecret": "{{clientSecret}}",  
        "merchantId": "{{merchantId}}"  
  2. The Authentication API responds with an access token.

        "access_token": "<access token>",  
        "expires_in": "<token expiry duration in seconds>",  
        "token_type": "Bearer"  
  3. Make calls to the Embedded Checkout API with the access token in the authorisation header, for example, Authorization: Bearer {access_token}.


  • You can reuse the access token from step 2 for multiple API calls.
  • When the token expires, you need to generate a new one.

See the Postman collection for more details on API authentication.

Code snippet

async function authenticate(clientId, clientSecret, merchantId) {
  let response = await fetch("<peach auth service>/api/oauth/token", {
    method: "POST",
    body: JSON.stringify({

  if (response.ok) {
    let body = await response.json();

    return body.access_token;
  } else {
    throw new Error("Unable to authenticate");

async function createCheckoutId(token, body) {
  const response = await fetch("<checkout api>/v2/checkout", {
    headers: new Headers({
      "Authentication": `bearer ${token}`,
      "origin": "<base domain for site>"
    method: "POST",
    body: JSON.stringify(body),

  if (response.ok) {
    return await response.json();
  } else {
    throw new Error("Unable to retrieve Checkout Id.");

const bearerToken = await authenticate(clientId, clientSecret, merchantId);

const checkout = await createCheckoutId(bearerToken, body);