API keys and tokens

API keys and tokens

API integrations require a clear authorization system, and keys and tokens are the basis of this mechanism. We have implemented a flexible and secure model for managing API keys and JWT tokens, which allows you to accurately control who and how can access your system - be it cash register equipment, provider, external service or mobile application.

All calls undergo interlaced validation, are logged and filtered, and access rights can be configured with high detail.

Types of keys and tokens

Type	Description and Purpose
API Key	Unique static key for services, cash desks, trusted clients
JWT Token	Signed token with limited lifetime, built-in rights and ID
IP binding	Restrict key/token usage to specific IP addresses
Temporary tokens	One-time or short-term tokens for protected transactions
Refresh Tokens	To update sessions as part of long-term authorization

What you can set up

Roles and permissions: accessing individual methods, modules, entities
Geography or IP restrictions
Token Expiration and Renewal Rate
Token signing using HS256/ RS256
Logging of all requests with metadata (IP, time, status, headers)

Advantages

High security without loss of flexibility
Easy integration with external and internal services
Key management via admin panel or API
Full audit and history of all calls
The ability to quickly replace or revoke a key if necessary

Where especially relevant

Integrations with external services (CRM, ERP, partners)
Mobile and client applications
POS terminals and servers with limited access
Systems with increased information security requirements

API keys and tokens are a basic but critical element of secure API access. We provide robust controls to ensure your integrations are secure, manageable, and scalable.