The Cleo Pay API uses Bearer token authentication. Include your token in the Authorization header of every request.
Authorization: Bearer <token>
Replace <token> with the token you receive after signing in.
Example request
curl --request GET \
--url https://api.cleo-pay.com/api/businesses \
--header "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
Token expiry
Tokens expire after a set period. When a token expires, the API returns a 401 Unauthorized response. Re-authenticate by signing in again to obtain a new token.
Error responses
| Status | Cause |
|---|---|
| 401 Unauthorized | The Authorization header is missing or the token has expired. |
| 403 Forbidden | The token is valid but does not have permission to perform the requested action. |
Never expose your token in client-side code or public repositories. Treat it like a password.
Checking your token
You can verify that your token is working by calling any authenticated endpoint. A 200 or 201 response confirms the token is valid. A 401 means you need to re-authenticate.
curl --request GET \
--url https://api.cleo-pay.com/api/user/profile \
--header "Authorization: Bearer <token>"
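A scripted version of this check, as an added example that is not part of the Cleo Pay documentation. It reads the token from an environment variable (`CLEO_PAY_TOKEN`, a hypothetical name) and feeds the header to curl on stdin, so the token stays out of the process list, shell history and source files; the exit codes are this example's own convention.

```bash
#!/usr/bin/env bash
# Added example, not Cleo Pay code. Assumption: the token is supplied in the
# CLEO_PAY_TOKEN environment variable (hypothetical name chosen for this sketch).

API_BASE="https://api.cleo-pay.com"   # host taken from the page

# Map the status codes the page documents to an action word and an exit code.
# The exit codes are this example's own convention.
classify_status() {
  case "$1" in
    200|201) echo "valid";          return 0 ;;  # token accepted
    401)     echo "reauthenticate"; return 2 ;;  # header missing or token expired
    403)     echo "forbidden";      return 3 ;;  # valid token, missing permission
    *)       echo "unexpected:$1";  return 1 ;;  # not a token verdict
  esac
}

# Call an authenticated endpoint (default: the profile endpoint shown above)
# and report the state of the token.
check_token() {
  local path="${1:-/api/user/profile}"
  local status
  if [ -z "${CLEO_PAY_TOKEN:-}" ]; then
    echo "missing-token"
    return 4
  fi
  # printf is a shell builtin and curl reads the header from stdin
  # (--header @-, curl 7.55.0 or later), so the token is never an argument
  # of any process. --proto '=https' refuses a downgrade to plain HTTP.
  status=$(printf 'Authorization: Bearer %s\n' "$CLEO_PAY_TOKEN" |
    curl --silent --show-error --output /dev/null \
         --write-out '%{http_code}' \
         --proto '=https' --max-time 10 \
         --request GET --url "${API_BASE}${path}" \
         --header @-) || { echo "network-error"; return 5; }
  classify_status "$status"
}

# Usage: export CLEO_PAY_TOKEN from a secret store, then run: check_token
```

A `forbidden` result should not trigger a new sign-in: the token is valid, so the fix is a permission change rather than a fresh token.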