Authentication and Tokens

November First uses OAuth2 for authorization to the API. It is not possible to interact with the API without a valid Partner ID token.

All the authentication tokens are sent using Headers in order to receive the session token.

To obtain a quote for a given “from” and “to currency” and “to amount”, or see the list of supported currencies per country, the calls to these endpoints do not require authentication.

To call any endpoint of our API you need to obtain a token, by calling the token URL:


With the following data in the body of the POST request:

UserNameThe user name of the user that is going to login
PasswordThe password of the user that is going to login
AppIdThe AppId from the API Settings in the customer portal (Your App Key)
PartnerIdThe PartnerId you obtain when becoming partner with November First. Ask support if you need the id again.

Here is an example of the request/response in raw form:


Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 155
Expect: 100-continue

grant_type=password&username=[email protected]&password=1234&appid=CBFD555-9805-4905-tghg347654&partnerid=0454555-7751-4905-tghg345646


"access_token": "Kv0CfU2oU47rfLasmdAS01UBqfbGo6t9G6sgdX... ",
"token_type": "bearer",
"expires_in": 899,
".issued": "Mon, 07 Aug 2017 14:26:06 GMT", ".expires": "Mon, 07 Aug 2017 14:41:06 GMT"

After obtaining the access token, you append it on every request using the following header:
Authorization: Bearer [access_token]
Where [access_token] should be replaced with the token you just received.

Here is an example of a create payment request:

Authorization: Bearer Kv0CfU2oU47rfLasmdAS01UBqfbGo6t9G6sgdX_...
Content-Type: application/json
Content-Length: 821