
API Access

AccessPSP is a token service provided by Aera for our customers

Aera’s AccessPSP endpoint is the single source for OAuth 2.0 Bearer tokens used across the White Label Wallet ecosystem.
Every call to a protected Aera API (Wallet, Payments, Identification, …) must include an AccessPSP token in the Authorization header.


Why you need it

| Actor | Typical use-case | OAuth grant type |
| --- | --- | --- |
| Wallet Provider (WSP) | Create / refresh a wallet session on behalf of a mobile app | Client Credentials |
| Payment Service Provider (PSP) | Initiate wallet-initiated payments or query their status | Client Credentials |
| Aera internal services | Secure service-to-service traffic | Client Credentials |


Sequence diagram (high-level)


sequenceDiagram
  autonumber
  participant WSP as Wallet Provider (WSP)
  participant AccessPSP
  participant Wallet API

  WSP->>AccessPSP: POST /oauth/token<br/>client_id + client_secret
  AccessPSP-->>WSP: 200 OK (Bearer JWT, ttl ≈ 30 min)

  Note right of WSP: Store token in memory (no DB!)
  WSP->>Wallet API: POST /wallets/wsps/sessions<br/>Authorization: Bearer <token>
  Wallet API-->>WSP: 201 Created (sessionId + sessionKey)


Endpoint


POST https://accesspsp.aerahost.com/oauth/token
Content-Type: application/x-www-form-urlencoded

Body parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| grant_type | string | ✔︎ | Always client_credentials |
| client_id | string | ✔︎ | Issued by Aera during onboarding |
| client_secret | string | ✔︎ | Issued by Aera (keep secret!) |
| scope | string | ✖︎ | Leave empty unless instructed by Aera |

Example request

curl --request POST \
  --url https://accesspsp.aerahost.com/oauth/token \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data "grant_type=client_credentials&client_id=<YOUR_ID>&client_secret=<YOUR_SECRET>"

Example response

{
  "access_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2In0.eyJ...",
  "token_type": "Bearer",
  "expires_in": 1800
}

Using the token

Include the returned access_token in the Authorization header of subsequent API calls:

Authorization: Bearer eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2I...

Best practice

Keep the token in memory and refresh it when you receive a 401 Unauthorized or after expires_in seconds—whichever comes first.
A new token request takes <200 ms in staging, so polling is unnecessary.
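
The best practice above as an added example (not Aera's own code): an in-memory token cache that refreshes on expiry and retries once on a 401. `fetch_token` uses the endpoint and fields from this page; `TokenCache`, `call`, the `send` callback and the `skew` margin are hypothetical names and assumptions.

```python
import json
import threading
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://accesspsp.aerahost.com/oauth/token"  # endpoint from this page


def fetch_token(client_id, client_secret):
    """POST the client_credentials form and return the parsed JSON response."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: keeps the token in process memory only (no DB)."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self, force=False):
        """Return the cached token, requesting a new one if forced or expired."""
        with self._lock:
            expired = self._token is None or self._clock() >= self._expires_at
            if force or expired:
                resp = self._fetch()
                self._token = resp["access_token"]
                # Assumption: refresh `skew` seconds before expires_in runs out.
                self._expires_at = self._clock() + resp["expires_in"] - self._skew
            return self._token

    def call(self, send):
        """send(token) -> (status, body); on 401, refresh and retry exactly once."""
        status, body = send(self.get())
        if status == 401:
            # The token was rejected before its stated expiry: discard it.
            status, body = send(self.get(force=True))
        return status, body
```

Wire it up with `TokenCache(lambda: fetch_token(client_id, client_secret))`. The single retry means a persistent 401 is returned to the caller instead of looping against the token endpoint.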



Common errors

| HTTP Status | Error Code | Reason | Fix |
| --- | --- | --- | --- |
| 400 | invalid_request | Missing or malformed parameter | Check body fields |
| 401 | invalid_client | Wrong client_id or client_secret | Verify credentials |
| 403 | disabled_client | Credentials suspended | Contact Aera support |

Need help? Ping your Aera contact or email [email protected].