Version: 1

Merchant Users API

Manage the dashboard users of your merchants. As an acquirer you can create users, keep their details up to date, control their permission sets, disable / enable access, resend invitations and trigger password resets — for any merchant under your acquirer.

Invitation flow

Creating a user does not set a password. The user receives an invitation email with a time-limited link where they accept the invitation and choose their own password. Use the resend endpoint if the invitation expires before it is accepted.

Permissions model

Each merchant user carries an explicit list of permission strings (e.g. orders_read, agreements_disable). The available permissions are listed by GET /v1/acquirer/merchants/:merchant_id/users/permissions, grouped by resource. A permission string is formed as <group>_<action> (e.g. group orders + action read → orders_read).
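The following is an added example, not code from this API's documentation or any SDK: it checks a requested permission list against the grouped catalogue before a user is created or updated, and resolves strings by lookup rather than by splitting on "_", since a group name may itself contain an underscore. The catalogue shape, the group payment_links, the actions refund and create, and both function names are assumptions made for illustration; the page does not show the endpoint's real JSON.

```python
# Added example: validate a requested permission list against the catalogue.
# ASSUMPTION: this dict stands in for the grouped response of
# GET /v1/acquirer/merchants/:merchant_id/users/permissions (shape constructed).
SAMPLE_CATALOGUE = {
    "orders": ["read", "refund"],            # "refund" is a constructed action
    "agreements": ["read", "disable"],
    "payment_links": ["read", "create"],     # constructed group containing "_"
}


def build_index(catalogue):
    """Map every valid '<group>_<action>' string to its (group, action) pair."""
    index = {}
    for group, actions in catalogue.items():
        for action in actions:
            perm = f"{group}_{action}"
            # e.g. group "a" + action "b_c" and group "a_b" + action "c"
            # would both yield "a_b_c"; refuse to guess which one is meant.
            if perm in index:
                raise ValueError(f"ambiguous permission string: {perm}")
            index[perm] = (group, action)
    return index


def check_request(requested, index, read_only_actions=("read",)):
    """Sort requested permissions into granted, unknown and elevated.

    'elevated' lists granted permissions whose action is not read-only, so a
    reviewer can confirm them before the list is sent to the API.
    """
    granted, unknown, elevated = [], [], []
    for perm in dict.fromkeys(requested):    # de-duplicate, keep order
        pair = index.get(perm)
        if pair is None:
            unknown.append(perm)             # typo or not offered: do not send
            continue
        granted.append(perm)
        if pair[1] not in read_only_actions:
            elevated.append(perm)
    return {"granted": granted, "unknown": unknown, "elevated": elevated}


if __name__ == "__main__":
    idx = build_index(SAMPLE_CATALOGUE)
    wanted = ["orders_read", "agreements_disable", "orders_delete", "orders_read"]
    print(check_request(wanted, idx))
```
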

Authentication

Acquirer API key sent as a bearer token:

Authorization: Bearer acquirer_key_...

Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.

Security Scheme Type: http

HTTP Authorization Scheme: bearer

Bearer format: acquirer_key_*