The Extend API uses private API keys to authenticate requests in the header X-Extend-Access-Token. There are a few steps to obtaining this access token.

In order to retrieve an API access token, an Admin or API Manager for your account must create an API Integration in the Extend Merchant Portal. This creates an OAuth Client ID and Client Secret that can be exchanged for an Extend access token using our oauth/token endpoint. To do this we must do the following:

  1. Login to your Merchant Portal (

  2. Once logged in you will see the Integration Tab, navigate to it:
    * Integration tab can only be accessed by an account admin or integrator role. If you do not have these permissions please reach out to us by filling a support ticket within the Merchant Portal.

  3. Click on the New API Integration button:

  4. You will then be prompted to the name the integration you are creating and set an optional Expiration Date:

  5. Once that is done you will be presented with your client secret and client id to use in the following steps.
    Please make sure you copy these for later use:

Your Client ID and Client Secret carries many privileges so be sure to keep it secure! Do not share your Client ID and Client Secret in any publicly accessible areas like GitHub, client-side code, etc.

Example production request for an access token:

curl --request POST \
     --url \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
    "grant_type": "client_credentials",
    "client_id": "{{YOUR_CLIENT_ID}}",
    "client_secret": "{{YOUR_CLIENT_SECRET}}",
    "client_assertion": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"