Before using the Carusell API, you must obtain API credentials (login and password) from our Support Team. These credentials are required to generate an access token and authenticate your requests.
To receive your API credentials, please contact our Support Team: [email protected].
You will be issued separate credentials for each:
Sandbox credentials are used for testing your integration in a safe environment.
Production credentials are used for live payment processing and must be handled securely.
Step 2. Authentication & Authorization
Getting Access and Refresh Tokens
Authentication in the Carusell API is based on a token system. It follows the OAuth 2.0 framework, specifically the Resource Owner Password Credentials grant type, where tokens are issued in exchange for company credentials. When you log in using your company credentials, the API returns two tokens:
Token Type
Description
Validity
Access Token
Used in the Authorization header for authenticating API calls
30 minutes
Refresh Token
Used to obtain a new access token when the current one expires
35 minutes
How It Works
Send a POST request to /configuration-management/api/v1/admin-accounts/oauth/authorize with your login and password.
Receive both access and refresh tokens in the response body.
Use the access token in the Authorization: Bearer YOUR_TOKEN header for all authenticated API requests.
Updating Access Token with Refresh Token
When your access token expires (after 30 minutes), you can obtain a new one without re-authenticating by using the refresh token.
How It Works
Send a POST request to /configuration-management/client/api/v1/auth/refresh-token with your refresh token in the request body.
Receive a new access token in the response.
Replace the expired access token in your API requests with the new one.
Webhooks allow our system to automatically notify your application when specific events occur (e.g., when a transaction status changes).
Provide Your Webhook URL
You must supply a publicly accessible HTTPS endpoint that can receive POST requests from our servers.
The webhook URL can be specified in the dedicated fields in the requests.
Webhook Trigger
A webhook will be sent for each status change of a payment transaction. This ensures your system always stays in sync with the latest transaction state.