Integration
Learn how to prepare for seamless integration.
To integrate successfully with PCE, you need to understand the core mechanisms of our API. PCE APIs are organised around REST: they have predictable resource-oriented URLs, return the resource URL in the response header, and use standard HTTP response codes and authentication.
Environments
Our APIs are available in two distinct environments, Sandbox and Live.
The Sandbox environment is specifically designed for testing and development. It includes special API operations that let you easily simulate various activities and ensure your integration works perfectly before going live. You can find the full reference for test and go-live on dedicated pages within our documentation.
Authentication
The PCE API uses OAuth 2.0 bearer tokens for authentication. All API calls must include a valid bearer token in the Authorization header.
Authentication Rules:
- All API requests must be made over HTTPS. Calls made over plain HTTP will fail.
- Every request must include the header Authorization: Bearer \<token>
- API requests without valid authentication (invalid, missing or expired tokens) will fail with an HTTP 401 Unauthorized response.
To get started, simply obtain your API bearer token from your PCE Contact. This token will authenticate all your subsequent calls.
API Bearer Token
PCE offers two types of API tokens: Program Manager API Tokens and Customer Tokens, designed for granular control and security during your integration.
- Program API Tokens: These are broad, system-level API tokens. They're ideal for testing functionalities not tied to a specific end customer, offering a wider scope for initial exploration within your program.
- Customer API Tokens: For more focused testing, you can request customer-specific tokens. These tokens restrict access to resources associated with a particular end customer, allowing you to simulate real-world scenarios and ensure data isolation accurately.
Role
When a token is created, it's assigned a set of roles. These roles define precisely which resources can be accessed using that token and the allowed access level (read or write). This ensures that tokens only have the necessary permissions.
Rate Limits
Our API rate limit is based on your IP address and is set to 1,000 requests per 10 seconds. This limit applies separately to each environment (Sandbox and Live). If you exceed this limit, your responses will include an HTTP 429 Too Many Requests code, and further calls will be dropped until the window resets.
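The authentication rules and the rate limit above can be enforced on the client before a request leaves the process. The following is an added example, not PCE's own code: the class and function names and the host api.example.invalid are assumptions. A server that rejects plain HTTP has already received the Authorization header by the time it refuses, so the guard rejects non-HTTPS URLs locally, and it uses a sliding window because that stays under the limit however the server aligns its 10-second window.

```python
import time
from collections import deque
from urllib.parse import urlsplit

MAX_REQUESTS, WINDOW_SECONDS = 1000, 10  # limit stated on the page


class SlidingWindowLimiter:
    """Per-process guard; the server counts per IP, so hosts sharing an
    egress address must split this budget between them."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_requests, self.window, self.clock = max_requests, window, clock
        self.sent = deque()  # timestamps of calls inside the current window

    def wait_time(self):
        """Seconds until the next call is allowed (0.0 means send now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) < self.max_requests:
            return 0.0
        return self.window - (now - self.sent[0])

    def record(self):
        """Call once for every request actually sent."""
        self.sent.append(self.clock())


def build_request(url, token):
    """Return (url, headers), refusing anything that would expose the token."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send bearer token over a non-HTTPS URL")
    if not token or any(c in token for c in "\r\n"):
        raise ValueError("missing or malformed bearer token")
    return url, {"Authorization": f"Bearer {token}"}


def classify(status):
    """Map the status codes documented on the page to a client action."""
    if status == 401:
        return "reauthenticate"  # invalid, missing or expired token: same call will fail again
    if status == 429:
        return "backoff"         # calls are dropped until the window resets
    return "ok" if 200 <= status < 300 else "error"
```

Check `wait_time()` and sleep for the returned value before each call, then call `record()` once the request is sent; treat a 401 as a token problem to resolve rather than a transient error to retry.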