Use Merchant Dashboard to configure how your integration authenticates with the Resolve API.
Navigate to Settings > Integrations > Direct API.
From this page, merchants can:
- enable or disable Basic Auth
- enable or disable OAuth
- create, rotate, revoke, and delete OAuth access keys
- upgrade their API version
If Basic Auth is enabled, merchants authenticate with:
- username: merchant ID
- password: secret API key
If OAuth is enabled, merchants can create access keys for server-to-server integrations.
When creating an access key, merchants choose one or more scopes:
merchant:readmerchant:write
After an access key is created, the client secret is shown once and should be copied immediately.
Merchants can also:
- rotate an access key to replace its secret
- revoke an access key to disable it
- delete a revoked or expired access key
Revoked and expired keys remain visible in the dashboard so merchants can understand why an integration stopped working.
To see how to exchange an access key for a bearer token, read Mint an Access Token with an OAuth Access Key.
Merchants can manage their API version from the same Direct API settings area.
Version upgrades are upgrade-only in the dashboard UI:
- merchants may keep their selected version
- merchants may move to a newer version
- merchants may not downgrade to an older version through the UI
The API reference documents both supported auth methods:
- HTTP Basic Auth
- OAuth 2.0 Client Credentials bearer-token authentication