1. Authorization
Almara Pay Documentation
  • Introduction
  • Definitions
    • Data Types
    • Error Codes
    • MCCMNC Codes
  • Authorization
    • Overview
    • Token Request
      POST
    • Find Transaction Routes
      GET
    • Health Check
      GET
  • Payouts
    • Overview
    • Payment Order Request Information
    • Mobile Money Requests
      • Overview
      • Mobile Transfers- Safaricom (M-Pesa)
      • Mobile Transfers - Airtel Money
    • Payment Order Requests - Business Transfers
      POST
    • Payment Order Requests - Bank Transfers
      POST
    • Find Payment Order By OriginatorConversationId
      GET
    • Reject Order By OriginatorConversationId
      POST
  • Pay-Ins
    • Payment Links
      • Overview
      • Create Payment Link
      • Find Payment Links By Id
      • Update Payment Link
    • Express Deposits
      • Overview
      • Express Deposit Request
      • Find Express Deposit By OriginatorConversationId
    • C2B IPN (Callback)
      • C2B IPN Overview
  • Card Payments
    • Overview
    • Checkout Order Request
      POST
    • Query Checkout Request
      GET
    • Checkout Callback Request
      POST
  • Account Validation
    • Overview
    • Account Number Validation Request
      POST
    • Find KYC Status by SystemTraceAuditNumber
      GET
    • Account Validation
      POST
    • Find Account Validation Status by SystemTraceAuditNumber
      GET
  • Platform Services
    • Airtime Purchase
      • Overview
      • Airtime Purchase
      • Find Airtime Purchases By OriginatorConversationId
    • Customer Accounts
      • Balance Check
      • Find Charges By TransactionTypeId
    • Bill Payments
      • Overview
      • Bill Request Validation
      • Bill Request Payment
      • Find Bill Services
      • Find Bill Number By Service Id and Account Number
      • Find Bill Request By Originator Converstion Id
      • Bill Number
  1. Authorization

Overview

Authorization#

Almara Pay™ Gateway uses the industry-standard OAuth 2.0 (Client Credentials Grant) protocol to secure all API communication.
Before you can interact with our endpoints, you must obtain a temporary Access Token using your merchant credentials.
[!IMPORTANT]

🔐 Protect your Credentials#

Your client_secret is a sensitive piece of information. Never share it in public repositories, client-side code, or insecure communication channels.

🏗️ The Auth Flow#

All requests to the Almara Pay API must include an Authorization header containing a valid Bearer Token.

🚦 Step-by-Step Integration#

1. Retrieve your Credentials#

Log in to the Almara Pay Dashboard and navigate to Settings > API Keys. You will find:
Client ID: Your public identifier.
Client Secret: Your private key (keep this secret!).

2. Obtain an Access Token#

Send a POST request to our identity server.
EndpointMethod
https://api-sandbox.zamupay.com/v1/oauth/tokenPOST
Request Body:
{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "grant_type": "client_credentials"
}

3. Use the Bearer Token#

Once you receive the access_token, include it in every subsequent API request using the Bearer scheme.
Header Example:

🚥 Token Expiry & Errors#

IssueReasonSolution
401 UnauthorizedInvalid ID or SecretDouble-check your credentials in the dashboard.
Token ExpiredToken duration exceededImplement a refresh logic to request a new token.
403 ForbiddenValid token, but no permissionsEnsure your account has the correct scopes enabled.

🆘 Need Help?#

If you're having trouble authenticating, please contact our technical team at sales@almarapay.com.
Modified at 2026-04-30 06:07:35
Previous
MCCMNC Codes
Next
Token Request
Built with