Authentication Token Reference
Endpoints and SDK methods that require Forage bearer tokens.
Authenticate with Forage covers step-by-step token generation. For a conceptual overview of how the two token types work, see Understanding Forage Authentication.
Token constraints
| Token type | Lifetime | Scope | Limit |
|---|---|---|---|
| Authentication Token | Up to 30 days | Server-side only in production | 1000 active tokens per Client ID and Client Secret pair |
| Session Token | 15 minutes | Front-end requests | One per checkout session |
Authentication tokens are revoked via /o/revoke_token/ (single) or /o/bulk_revoke/ (bulk).
Endpoints that require authentication tokens
- Create a Fully Hosted Session: POST
/sessions/ - Create a Custom Payment Capture Session: POST
/capture_sessions/ - Update an Order: PATCH
/orders/{order_ref}/ - Cancel an Order: POST
/orders/{order_ref}/cancel/ - Create a refund for an entire Order: POST
/orders/{order_ref}/refund_all/ - Create a refund for part of an Order: POST
/orders/{order_ref}/refunds/ - Retrieve all refunds for a given Order: GET
/orders/{order_ref}/refunds/ - Retrieve a Refund for a given Order: GET
/orders/{order_ref}/refunds/{refund_ref} - Update a Payment Method: PATCH
/payment_methods/{payment_method_ref}/ - Create a Payment for a given Order: POST
/orders/{order_ref}/payments/ - Update an OrderPayment: PATCH
/orders/{order_ref}/payments/{payment_ref}/ - Cancel an OrderPayment: POST
/orders/{order_ref}/payments/{payment_ref}/cancel - Update a Payment: PATCH
/payments/{payment_ref}/ - Create a refund for a given Payment: POST
/payments/{payment_ref}/refunds/ - Retrieve a report: GET
/reporting/{report_type}
Flexible token acceptanceSome endpoints can accept either a session token or an authentication token in the
Authorizationheader. Consult the reference documentation for the specific endpoint to confirm what bearer token type is required.