Skip to main content
All Partner API endpoints (other than the authentication endpoint itself) require a short-lived bearer access token. You get one by calling:
POST /api/v3/partners/auth

Request

Send your client ID and client secret as HTTP Basic credentials in the Authorization header — not in the request body.
Authorization: Basic base64(client_id:client_secret)
curl -X POST https://be-dev-1.dev.ndovu.co/api/v3/partners/auth \
  -H "Authorization: Basic $(echo -n 'YOUR_CLIENT_ID:YOUR_CLIENT_SECRET' | base64)"
No request body is required or accepted.

Response

A successful call returns:
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}
FieldTypeDescription
access_tokenstringJWT to send as a bearer token on subsequent requests.
expires_innumberLifetime of the token, in seconds.
token_typestringAlways Bearer.
There is no refresh token. When access_token expires, call this endpoint again with your client ID and client secret to get a new one.

Using the token

Pass the token as a bearer token on every subsequent request:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
See Getting Products for the next step.

Errors

StatusCause
401 UnauthorizedClient ID doesn’t exist, or client secret doesn’t match.
400 Bad RequestMissing or malformed Authorization header.
If you get a 401, double-check you’re sending the raw client secret from your onboarding email — not a hashed or re-encoded version of it. If you’ve lost the original secret, contact support@ndovu.co to have it rotated; we only ever store a one-way hash of it and cannot recover the original value.