Skip to main content
Chift’s API is protected by a JWT Bearer Token, which is required for all API requests. To obtain this token, you first need an API Key for your account. The API Key provides the Account ID, Client ID, and Client Secret needed to generate your Bearer token. Once you have your token, you can use it to make authenticated requests linked to your consumers.
ℹ️ In short: API Key → Bearer Token → API Requests.
The API Key itself cannot be used directly to call APIs; it is only used to generate the Bearer token.

1. Create an API Key

  • Go to API Keys
  • Click “Add API Key”
  • Copy your Account ID, Client ID, and Client Secret immediately — you’ll need them next.
🔐 Each API key is environment-specific:
  • A sandbox key → sandbox environment
  • A production key → production environment
Start creating in sandbox; when going live, create a new key in production.
You can also optionally limit the scopes of an API key to one or more consumers. See Managing API Keys for details.

2. Get a Bearer Token

Use the Create a Token endpoint to obtain your access token: 
POST /token
{
  "clientId": "your_client_id",
  "clientSecret": "your_client_secret",
  "accountId": "your_account_id"
}
⚠️ This is the only endpoint that doesn’t require authentication.
The token you receive is tied to the same environment as your API key.

3. Use the Token for All Other API Requests

Add the token to every request header: 
Authorization: BEARER {accessToken}
⚠️ All other Chift API calls require this token.
Requests without it will be rejected.
In summary
StepDescriptionEnvironment
1. Create API KeyDefines whether you’re in sandbox or productionDetermined by the key
2. Generate Bearer TokenAuthenticates your sessionLinked to the key’s environment
3. Use TokenRequired for all API callsSame environment
I