Access Token
Request an access token by specifying your x-client-id and x-api-key in the HTTP request header. The returned auth_token is required for all other API endpoints and must be passed in the x-auth-token header prefixed with Bearer — for example, x-auth-token: Bearer <YOUR_TOKEN_HERE>. The Bearer prefix is required across all business lines.
The access token can be used multiple times for all other API endpoints until it expires. Rely on expired_at for the accurate token expiration time.
auth_token is valid for 30 minutes in Production.
Token concurrency by business line
Whether a newly issued token invalidates the previous one depends on the business line:
- Multiple tokens may coexist (newly issued tokens do not invalidate previous ones) — Account Center, Card Issuance.
- Single active token only (a newly issued token immediately invalidates the previous one) — Global Account, Global Acquiring, Stablecoin Account.
For single-active-token business lines, avoid requesting new tokens from multiple processes concurrently — running processes may start receiving authentication errors once another process refreshes the token.
Documentation Index
Fetch the complete documentation index at: https://developers-sandbox.uqpaytech.com/llms.txt
Use this file to discover all available pages before exploring further.
授权
The API key generated by UQPAY.
The API client id generated by UQPAY.
响应
Successfully.
Returned authentication token. Clients must store this securely and destroy it when it is no longer needed.
"2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA2YotnFZFEjr1zCsicMWpAA"
Expiration time represented as a Unix timestamp in second-level precision. Indicates the point in time after which the token becomes invalid.
1757449854