Authentication

HTTP Basic auth on every request. Username = your reseller username; password = your reseller API token.

Authorization: Basic <base64(username:token)>

Canary

Use GET /ping to confirm your credentials are wired up. It returns the resolved partner identity.

curl https://gateway.pmnts.io/v2/partners/ping \
  -u "$PARTNER_USERNAME:$PARTNER_TOKEN"

{
  "partner": "acme-payments",
  "environment": "production"
}

A 401 with type: authentication_error means the username or token is wrong, has been rotated, or is being used in the wrong environment.

Rotating credentials

Two endpoints, depending on whose token you're rotating:

• POST /me/credentials/rotate — rotate your own (partner) API token.
• POST /merchants/{username}/credentials/rotate — rotate a sub-merchant's gateway token (the one they use against the Gateway API).

⚠️

Tokens are returned in plain text exactly once. Capture the response before it goes out of scope.

curl -X POST https://gateway.pmnts.io/v2/partners/me/credentials/rotate \
  -u "$PARTNER_USERNAME:$PARTNER_TOKEN"

{
  "username": "acme-payments",
  "token": "k_live_…",
  "rotated_at": "2026-06-16T06:30:00Z"
}