The Violet API uses API keys associated with your Violet Application along with a system generated refresh token to authenticate requests. You can view and manage your API keys in the Violet Applications Dashboard.

The following information needs to be included as headers in each request:

X-Violet-App-Id X-Violet-App-Secret X-Violet-Token

Your Violet Application will provide you with a Violet-App-Id and Violet-App-Secret, however, the Login API request needs to be called the first time you are authenticating to request a Violet-Token. This token will be used for all subsequent calls to Violet stays valid for 24 hours. Remember to account for the need to refresh your token within the specified time window or subsequent requests will fail.

In the current version of the API you are making requests on behalf of the users of your application through your Violet developer account. This means that you are authenticating with your developer account and sending your customers data through to Merchants on the other end when you place an order through the API.

You can have a quick demo of how authentication works by going through Postman + Login.


The complete list of Violet Authentication APIs are as follows:

ο»ΏObtaining an API Token

GET /login


ο»ΏRefreshing an API Token

GET /auth/token


If a call is made using an expired token, Violet APIs will respond with the following:



Updated 19 May 2022
Did this page help you?