Step 1: Get token

Get API token

All requests are authenticated using the token you will receive from this request. The same token can be used for all requests until it expires. The only content type supported by this request is "application/x-www-form-urlencoded".

Url: /token

Method: POST


NameType Req.Description
ApiKey String (50)YesYour merchant API key [Please contact support for Key - [email protected]]
Accept String (50)YesThe format the response should be returned in e.g.
Accept: application/json
Accept: application/xml

URL parameters: N/A

Data parameters:

grant_typeString (50)YesSet as "Password".
SiteCodeString (50)YesThe Ozow site code for the site which the payment is being made to. [Please contact support for SiteCode - [email protected]]

Response object

access_tokenString (500)The token needed for subsequent requests.
token_typeString (50)The token type.
expires_inString (50)The lifetime of the token in seconds.

Request example

const string apiKey = "[YOUR API KEY]";
const string siteCode = "[YOUR SITE CODE]";
const string baseUrl = "";

var client = new RestClient(baseUrl);
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("ApiKey", apiKey);
request.AddHeader("Accept", "application/json");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("grant_type", "password");
request.AddParameter("SiteCode", siteCode);
IRestResponse response = client.Execute(request);
$apiKey = "[YOUR API KEY]";
$siteCode = "[YOUR SITE CODE]";
$baseUrl = "";

$client = new \GuzzleHttp\Client();
$response = $client->request('POST', $baseUrl, [
    'headers' => [
        'ApiKey' => $apiKey,
        'Accept' => 'application/json',
        'Content-Type' => 'application/x-www-form-urlencoded',
    'form_params' => [
        'grant_type' => 'password',
        'SiteCode' => $siteCode,

echo $response->getBody();
const apiKey = "[YOUR API KEY]";
const siteCode = "[YOUR SITE CODE]";
const baseUrl = "";

const options = {
    method: "POST",
    headers: {
        ApiKey: apiKey,
        Accept: "application/json",
        "Content-Type": "application/x-www-form-urlencoded"
    body: JSON.stringify({
        grant_type: "password",
        SiteCode: siteCode

fetch(baseUrl, options)
    .then(response => response.text())
    .then(data => console.log(data))
    .catch(error => console.error(error));

import requests

api_key = "[YOUR API KEY]"
site_code = "[YOUR SITE CODE]"
base_url = ""

headers = {
    "ApiKey": api_key,
    "Accept": "application/json",
    "Content-Type": "application/x-www-form-urlencoded"

data = {
    "grant_type": "password",
    "SiteCode": site_code

response =, headers=headers, data=data)


Response example