API integrations require a clear authorization system, and keys and tokens are the basis of this mechanism. We have implemented a flexible and secure model for managing API keys and JWT tokens, which allows you to accurately control who and how can access your system - be it cash register equipment, provider, external service or mobile application.
All calls go through built-in validation, are logged and filtered, and access rights can be configured with high detail.
Types of keys and tokens
| Type | Description and purpose |
|---|---|
| API Key | Unique static key for services, cash desks, trusted clients |
| JWT Token | Signed token with limited lifetime, built-in rights and ID |
| IP binding | Restrict key/token usage to specific IP addresses |
| Temporary tokens | One-time or short-term tokens for protected transactions |
| Refresh Tokens | To update long-term authorization sessions |
What you can set up
Roles and permissions: accessing individual methods, modules, entities
Geography or IP restrictions
Token Expiration and Renewal Rate
Token signing using HS256/ RS256
Logging of all requests with metadata (IP, time, status, headers)
Advantages
High security without loss of flexibility
Easy integration with external and internal services
Key management via admin panel or API
Full audit and history of all calls
The ability to quickly replace or revoke a key if necessary
Where especially relevant
Integrations with external services (CRM, ERP, partners)
Mobile and client applications
POS terminals and servers with limited access
Systems with increased information security requirements
API keys and tokens are a basic but critical element of secure API access. We provide robust controls to ensure your integrations are secure, manageable, and scalable.