Overview
All e-CROSS APIs are private and require authentication. You must authenticate through the Generate Token API using your client credentials to generate an access token.
Obtaining Credentials
Contact your e-CROSS representative to:
- Register your merchant account
- Obtain your clientId and clientSecret
- Receive your carrierId (used to send fulfillment events, if that applies to your use case)
These credentials are unique to your merchant account and should be kept secure. Never expose them publicly or commit them to version control.
Authentication Flow
- Request token: Use your clientId and clientSecret to obtain an access token via the Generate Token API
- Cache token: Store the token securely and reuse it until it expires
- Use token: Include the token in the Authorization header of all API requests
- Request a new token: A few minutes before the token expires, request a new token (step 1)
Token Expiration
The generated access token has an 8-hour validity. You must request a new token before the current one expires to avoid being blocked by the APIs. If you invoke an API after the token has expired, you will receive a 401 Unauthorized error.
Token Management Best Practices
Security Considerations
- Keep your client credentials (clientId and clientSecret) secure and never expose them publicly
- Implement proper token management and storage mechanisms to protect sensitive information
- Use secure storage for cached tokens
- Never commit credentials or tokens to version control
- Rotate credentials periodically, or if they are compromised
