Authentication Token Reference
Endpoints and SDK methods that require Forage bearer tokens.
Authenticate with Forage covers step-by-step token generation. For a conceptual overview of how the two token types work, see Understanding Forage Authentication.
Token constraints
| Token type | Lifetime | Scope | Limit |
|---|---|---|---|
| Authentication Token | Up to 30 days | Server-side only in production | 1000 active tokens per Client ID and Client Secret pair |
| Session Token | 15 minutes | Front-end requests | One per checkout session |
Authentication tokens are revoked via /o/revoke_token/ (single) or /o/bulk_revoke/ (bulk).
Endpoints that require authentication tokens
- Create a Fully Hosted Session: POST
/sessions/ - Create a Custom Payment Capture Session: POST
/capture_sessions/ - Update an Order: PATCH
/orders/{order_ref}/ - Cancel an Order: POST
/orders/{order_ref}/cancel/ - Create a refund for an entire Order: POST
/orders/{order_ref}/refund_all/ - Create a refund for part of an Order: POST
/orders/{order_ref}/refunds/ - Retrieve all refunds for a given Order: GET
/orders/{order_ref}/refunds/ - Retrieve a Refund for a given Order: GET
/orders/{order_ref}/refunds/{refund_ref} - Update a Payment Method: PATCH
/payment_methods/{payment_method_ref}/ - Create a Payment for a given Order: POST
/orders/{order_ref}/payments/ - Update an OrderPayment: PATCH
/orders/{order_ref}/payments/{payment_ref}/ - Cancel an OrderPayment: POST
/orders/{order_ref}/payments/{payment_ref}/cancel - Update a Payment: PATCH
/payments/{payment_ref}/ - Create a refund for a given Payment: POST
/payments/{payment_ref}/refunds/ - Retrieve a report: GET
/reporting/{report_type}
Flexible token acceptanceSome endpoints can accept either a session token or an authentication token in the
Authorizationheader. Consult the reference documentation for the specific endpoint to confirm what bearer token type is required.
SDK methods that require session tokens
Android
iOS
Forage JS
Updated about 1 month ago