{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-guides/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Direct API Access and Authentication","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"direct-api-access-and-authentication","__idx":0},"children":["Direct API Access and Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use Merchant Dashboard to configure how your integration authenticates with the Resolve API."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Settings > Integrations > Direct API"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["From this page, merchants can:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["enable or disable Basic Auth"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["enable or disable OAuth"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["create, rotate, revoke, and delete OAuth access keys"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["upgrade their API version"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"basic-auth","__idx":1},"children":["Basic Auth"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If Basic Auth is enabled, merchants authenticate with:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["username: merchant ID"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["password: secret API key"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"oauth-access-keys","__idx":2},"children":["OAuth Access Keys"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If OAuth is enabled, merchants can create access keys for server-to-server integrations."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["When creating an access key, merchants choose one or more scopes:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["merchant:read"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["merchant:write"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["After an access key is created, the client secret is shown once and should be copied immediately."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Merchants can also:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["rotate an access key to replace its secret"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["revoke an access key to disable it"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["delete a revoked or expired access key"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Revoked and expired keys remain visible in the dashboard so merchants can understand why an integration stopped working."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To see how to exchange an access key for a bearer token, read ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/guides/mint-an-access-token"},"children":["Mint an Access Token with an OAuth Access Key"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"api-versioning","__idx":3},"children":["API Versioning"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Merchants can manage their API version from the same Direct API settings area."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Version upgrades are upgrade-only in the dashboard UI:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["merchants may keep their selected version"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["merchants may move to a newer version"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["merchants may not downgrade to an older version through the UI"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"authentication-in-the-api-reference","__idx":4},"children":["Authentication in the API Reference"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The API reference documents both supported auth methods:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["HTTP Basic Auth"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["OAuth 2.0 Client Credentials bearer-token authentication"]}]}]},"headings":[{"value":"Direct API Access and Authentication","id":"direct-api-access-and-authentication","depth":1},{"value":"Basic Auth","id":"basic-auth","depth":2},{"value":"OAuth Access Keys","id":"oauth-access-keys","depth":2},{"value":"API Versioning","id":"api-versioning","depth":2},{"value":"Authentication in the API Reference","id":"authentication-in-the-api-reference","depth":2}],"frontmatter":{"seo":{"title":"Direct API Access and Authentication"}},"lastModified":"2026-03-18T19:36:56.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/direct-api-access-and-authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}