API integrations require a clear authorization system, and keys and tokens are the basis of this mechanism. We have implemented a flexible and secure model for managing API keys and JWT tokens, which allows you to accurately control who and how can access your system - be it cash register equipment, provider, external service or mobile application.
All calls go through built-in validation, are logged and filtered, and access rights can be configured with high detail.
Types of keys and tokens
| Type | Description and purpose |
|---|---|
| API Key | Unique static key for services, cash desks, trusted clients |
| JWT Token | Signed token with limited lifetime, built-in rights and ID |
| IP binding | Restrict key/token usage to specific IP addresses |
| Temporary tokens | One-time or short-term tokens for secure transactions |
| Refresh Tokens | To update long-term authorization sessions |
What you can set up
Roles and permissions: accessing individual methods, modules, entities
Geography or IP restrictions- Token Expiration and Renewal Rate
- Token signing using HS256/ RS256
- Logging of all requests with metadata (IP, time, status, headers)
Advantages
High security without loss of flexibility- Easy integration with external and internal services
- Key management via admin panel or API
- Full audit and history of all calls
- The ability to quickly replace or revoke a key if necessary
Where especially relevant
Integration with external services (CRM, ERP, partners)- Mobile and client applications
- POS terminals and servers with limited access
- Systems with increased information security requirements
API keys and tokens are the basic, but most important element of secure API access. We provide robust controls to ensure your integrations are secure, manageable, and scalable.
Popular Topics
Main Topics
Contact Us
Fill out the form below and we’ll get back to you soon.