Merchant Users API
Manage the dashboard users of your merchants. As an acquirer you can create users, keep their details up to date, control their permission sets, disable / enable access, resend invitations and trigger password resets — for any merchant under your acquirer.
Invitation flow
Creating a user does not set a password. The user receives an invitation email with a time-limited link where they accept the invitation and choose their own password. Use the resend endpoint if the invitation expires before it is accepted.
Permissions model
Each merchant user carries an explicit list of permission strings
(e.g. orders_read, agreements_disable). The available permissions
are listed by GET /v1/acquirer/merchants/:merchant_id/users/permissions,
grouped by resource. A permission string is formed as
<group>_<action> (e.g. group orders + action read →
orders_read).
Authentication
- HTTP: Bearer Auth
Acquirer API key sent as a bearer token:
Authorization: Bearer acquirer_key_...
Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | acquirer_key_* |