Getting Started

🔑 Sandbox Credentials

Sandbox Authentication

To access the sandbox environment and make API calls, you’ll need to authenticate using your credentials. Here’s how to get started:

Authentication Flow

Required Credentials

Before making any API calls, you’ll need the following credentials:

  • Username
  • Password
  • Slug (your organization identifier)

Getting an Authentication Token

To get an authentication token, make a POST request to the authentication endpoint:

$curl -X POST 'https://api-sandbox.userow.com/rest/api/v1/{your-org-slug}/auth' \
>-H 'Content-Type: application/json' \
>-d '{
>  "username": "your_username",
>  "password": "your_password"
>}'

Request Parameters

ParameterTypeRequiredDescription
usernamestringYesYour account username
passwordstringYesYour account password
slugstringYesYour organization identifier

Example Response

1{
2  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
3  "expiresIn": 3600,
4  "type": "Bearer"
5}

Using the Token

Once you have received the token, include it in the Authorization header of all subsequent API requests:

$curl -X POST 'https://api-sandbox.userow.com/rest/api/v1/payment' \
>-H 'Content-Type: application/json' \
>-H 'Authorization: Bearer your_token_here' \
>-d '{
>  // Your request payload
>}'

Token Expiration

The authentication token expires after a certain period (typically 1 hour). When the token expires, you’ll need to make a new authentication request to get a fresh token.

Error Responses

If the authentication fails, you’ll receive an error response:

1{
2  "error": "Invalid credentials",
3  "message": "The provided username or password is incorrect"
4}

Common error scenarios:

  • Invalid username or password
  • Invalid organization slug
  • Missing required fields
  • Malformed request

Best Practices

  1. Secure Storage: Never store credentials in plain text or commit them to version control
  2. Token Management: Implement proper token storage and refresh mechanisms
  3. Error Handling: Always handle authentication errors gracefully
  4. Environment Variables: Use environment variables for sensitive information

Example Implementation

Here’s a complete example using JavaScript:

1async function getAuthToken(username, password, slug) {
2  try {
3    const response = await fetch('https://api-sandbox.userow.com/rest/api/v1/auth', {
4      method: 'POST',
5      headers: {
6        'Content-Type': 'application/json'
7      },
8      body: JSON.stringify({
9        username,
10        password,
11        slug
12      })
13    });
14
15    if (!response.ok) {
16      throw new Error('Authentication failed');
17    }
18
19    const data = await response.json();
20    return data.token;
21  } catch (error) {
22    console.error('Error getting auth token:', error);
23    throw error;
24  }
25}
26
27// Usage example
28const token = await getAuthToken(
29  process.env.USERNAME,
30  process.env.PASSWORD,
31  process.env.SLUG
32);
33
34// Use the token for API calls
35const apiResponse = await fetch('https://api-sandbox.userow.com/rest/api/v1/payment', {
36  method: 'POST',
37  headers: {
38    'Content-Type': 'application/json',
39    'Authorization': `Bearer ${token}`
40  },
41  body: JSON.stringify({
42    // Your payment payload
43  })
44});

Need Help?

If you encounter any issues with authentication or need help with your credentials, please contact our support team.