Partner Authorization Framework

All authorization is based on OAuth 2.0. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service. OAuth relies on authentication scenarios called flows, which allow the resource owner to share the protected content from the resource server without sharing their credentials. For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner. For more information please see the IETF definition rfc6749.

Once the Partner scope has been approved by Sniptech, the access tokens provided will be valid for 5 minutes and refresh tokens for 30 minutes.

Environment variables {{base_url}}:



Token and refresh endpoint: {{base_url}}/auth/token


Sniptech Cancellations Partner API: cancellation

Sniptech Deals Partner API: deals

Sniptech PSD2 & PFM Partner API: pfm

Sniptech Online Cashback: cashback

Token example:

curl --location --request POST '{{base_url}}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'scope=cancellation-service'

Refresh example:

curl --location --request POST '{{base_url}}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<REFRESH TOKEN>'

The obtained access_token must be included in every call on our platform, e.g:

curl --location --request GET '{{base_url}}/cancellations/v1/organizations?locale=es-ES' \
--header 'Authorization: Bearer <ACCESS TOKEN>'

Sample Response: