Generate and refresh access tokens to authenticate your API requests. All Nimbbl API calls require a valid bearer token obtained through these endpoints.

POST

Generate Token [v3]Generate a merchant token to authenticate your server-side API calls. Each token is independent and expires after 20 minutes.

POST

Refresh Token [v3]Deprecated. This API regenerates an access token using the `refresh_token` received from the Create Order response.

GET

Get Public Key [v2]Fetch the RSA public key used to encrypt sensitive data before sending it to Nimbbl. This endpoint requires no authentication. The key is rotated periodically — cache it for performance but refresh if encryption fails.