Authorization
SumUp exposes REST APIs for managing checkouts, retrieving transactions, and more. Every integration needs a way to authorize API requests, and card-present solutions also need to identify the integration itself.
Choose the right option
Section titled “Choose the right option”- API keys – Static credentials owned by a single merchant. Use them for direct server-to-server integrations when you control the merchant account and need full API access.
- OAuth 2.0 – Standards-based authorization for multi-merchant solutions. Use it when other merchants or their employees connect to your application and must explicitly grant access.
- Affiliate Keys – Required for card-present scenarios to attribute transactions to your integration. Combine them with API keys or OAuth depending on how you authorize API calls.
Next steps
Section titled “Next steps”- Review the API reference once you have your credentials.
- Follow product-specific guides such as terminal integrations or online payments with the appropriate authorization method in place.