Authentication

Note: This authentication guide applies specifically to the OpenCard Issuer Receipt API. For other OpenCard APIs, please refer to their respective authentication documentation.

Overview

The OpenCard Issuer Receipt API uses Bearer token authentication to secure all API endpoints and ensure that only authorized payment providers and issuing partners can access digital receipt services. This authentication system provides secure access to transaction data and receipt management capabilities for qualified partners.

Getting Your API Key

To obtain API credentials for the OpenCard Issuer Receipt API, you must have a valid partner agreement in place with OpenCard. Contact our support team at support@opencard.io to get started.

Authentication Method

All Issuer Receipt API requests must include a valid Bearer token in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN

Making Authenticated Requests

HTTP Header Format

Include your Bearer token in the Authorization header of every API request to the Receipt API:

curl -X GET "https://receipts.opencard.io/api/v1/marcet/callbackrequests" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

Code Examples

curl -X GET "https://receipts.opencard.io/api/v1/marcet/callbackrequests" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

Security Best Practices

Keep Your Tokens Secure

Store your API tokens securely and never expose them in client-side code
Use environment variables or secure configuration management
Rotate your tokens periodically for enhanced security
Never commit API keys to version control systems

HTTPS Only

All API requests must be made over HTTPS
HTTP requests will be rejected to protect your data in transit
The Receipt API endpoint uses SSL/TLS encryption

Token Scoping

Your API token will have specific scopes based on your payment provider integration needs
Receipt API tokens are separate from other OpenCard API credentials
Contact support if you need additional permissions or scope changes

Error Responses

If authentication fails, you'll receive one of these error responses:

Status Code	Description	Action Required
`401`	Unauthenticated - Missing or invalid token	Check your Authorization header and token validity
`403`	Access denied - Insufficient permissions	Contact support for scope changes or verify your integration type

Need Help?

If you encounter any authentication issues or need assistance with the Issuer Receipt API:

Email: support@opencard.io
Include: Error messages, request details, and your specific Receipt API use case

Our support team is here to help you integrate with the OpenCard digital receipt services quickly and securely.