All our APIs endpoints support the OAuth 2.0 authentication protocal. For more information on this, please see: oAuth 2.0.

To start sending authenticated HTTP requests you need to:

  1. Get an oAuth2 access token using your provided client_id and client_secret, please note these are different for staging and production.
  2. This will respond with a bearer token that is valid for 7 days on production on staging it will expire every hour.
  3. So make sure to handle the renewal of the access appropriately, either track the expiry time of the token or automatically request a new access token when your token has expired.

Aggregator or platform integration?

Please consider the following options when developing your integrations with Quiqup.

  1. Billing Identifiers: This avoids the needs for Client ID/Client secret fully, we would just leverage your API Keys and can pass us a billing identifier, which allows us to pass map this order to a specific customer. This means you will remain the author for these orders, but they are owned by the client. This does mean that if a client has several brands, the clients would only be able to access each brand in a specific dashboard.
  2. API Keys per account: We would provide API keys to the client, making the client the author and owner of the orders, but again clients with multiple brands would have accounts for each brand.
  3. API Keys for master account and billing identifiers per brands: This is basically a combination of the two, we would provide the client with API keys and would configure billing IDs per brands which we would share with the client.

Please note billing IDs can be provided by the client or by the platform/aggregator to Quiqup, alternatively Quiqup can provide one to you.

Request Parameters

3 Query Parameters

Request Body



The expires_in fields returns how many seconds the returned access_token is valid for. After that you will have to request this endpoint again in order to generate a new access_token.

Example reponse:

{ “access_token”: “245c47495152da4845b65f57facdd7c8b6765451e946b9faa4817c245a335110”, “token_type”: “bearer”, “expires_in”: 3600, “created_at”: 1616571253 }

1 validation

Send a Test Request

Send requests directly from the browser (CORS must be enabled)
No $$.env variables are being used in this request.