Guides

Venue API

Vendor API

Authentication

Overview

POSaBIT uses different authentication methods depending on the API version:

Version Method Tokens Required
V3 HTTP Basic Authentication Integrator token + Venue token
Vendor HTTP Basic Authentication Integrator token + Vendor token
V1 / V2 Bearer Token Venue API token

V3 Authentication (Recommended)

The v3 API requires two tokens to authenticate each request: an integrator API token and a venue API token.

Both tokens are combined using HTTP Basic Authentication:

Step 1 — Combine the tokens

integrator_api_token:venue_api_token

Step 2 — Base64 encode the combined string

echo -n "integrator_token:venue_token" | base64

Step 3 — Send in the Authorization header

Authorization: Basic {base64_encoded_tokens}

Complete curl example

curl -X GET "https://app.posabit.com/api/v3/info" \
  -H "Authorization: Basic $(echo -n 'INTEGRATOR_TOKEN:VENUE_TOKEN' | base64)" \
  -H "Accept: application/json"
Tip: If you have only an integrator token, you can call GET /api/v3/info with the venue token part blank. This returns a list of all available venues for your integrator with their tokens.

Vendor API Authentication

The Vendor API (vapi) uses HTTP Basic Authentication with an integrator token and a vendor token.

Step 1 — Combine the tokens

integrator_token:vendor_token

Step 2 — Base64 encode the combined string

echo -n "integrator_token:vendor_token" | base64

Step 3 — Send in the Authorization header

Authorization: Basic {base64_encoded_tokens}

Complete curl example

curl -X GET "https://app.posabit.com/vapi/v1/retailers" \
  -H "Authorization: Basic $(echo -n 'INTEGRATOR_TOKEN:VENDOR_TOKEN' | base64)" \
  -H "Accept: application/json"
Tip: The GET /vapi/v1/vendors endpoint only requires the integrator token (leave the vendor token blank) and returns a list of vendors associated with your integrator account.

V1 / V2 Authentication (Legacy)

The legacy API versions use a simple Bearer token in the Authorization header:

curl -X GET "https://app.posabit.com/api/v2/venue/customers" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json"
Note: V1 and V2 APIs will be deprecated. Please migrate to V3 as soon as possible.

Error Responses

Status Description
401 Invalid or missing authentication credentials
403 Valid credentials but insufficient permissions
404 Resource not found or not accessible with current token