Bearer tokens

Every request to the Dime Payments API requires an Authorization header with a Bearer token:
Authorization: Bearer your-api-token
Tokens are Laravel Sanctum personal access tokens. They are minted inside the Dime Payments dashboard — not via the API itself.

Getting a token

  1. Log into the Dime Payments dashboard
  2. Click your profile icon in the top right
  3. Select Generate API token
  4. Copy the token immediately — it will not be shown again

Token abilities

Every token carries a set of abilities that control which endpoints it can access. If a token lacks the required ability for an endpoint, the API returns a 401 Permission Denied response. Common abilities include:
| Ability | What it allows |
| --- | --- |
| transaction:charge-card-token | Charge a card using a stored token |
| transaction:charge-card-pan | Charge a card using raw PAN data (requires PCI compliance) |
| transaction:charge-ach | Charge a bank account |
| customer:read | List and show customers |
| customer:write | Create, update, and delete customers |
| merchant:read | List and show merchants |
| merchant:write | Create and update merchants |

Contact your Dime Payments representative to configure abilities on your token.

Keeping tokens secure

  • Never expose tokens in client-side code or public repositories
  • Use environment variables to store tokens in your application
  • Generate separate tokens for production and staging environments
  • Rotate tokens immediately if you suspect they have been compromised

Example request

curl --request GET \
  --url https://app.dimepayments.com/api/merchant/list \
  --header 'Authorization: Bearer your-api-token' \
  --header 'Content-Type: application/json'

Error responses

| Status | Meaning |
| --- | --- |
| 401 Permission Denied | Token is missing, invalid, or lacks the required ability |
| 403 Unauthorized | Token is valid but the resource belongs to another merchant |
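
A server-side client that follows the storage guidance and the error table above; this is an added example, not Dime Payments code. The DIME_API_TOKEN variable name, the function names, and the assumption that the endpoint returns a JSON body are illustrative.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://app.dimepayments.com/api/merchant/list"  # from the example request
TOKEN_ENV = "DIME_API_TOKEN"  # assumed variable name, not defined by the docs

# Meanings copied from the error table on this page.
MEANINGS = {
    401: "token is missing, invalid, or lacks the required ability",
    403: "token is valid but the resource belongs to another merchant",
}


class DimeAuthError(Exception):
    """Raised for 401/403; the message never contains the token."""


def load_token(env=os.environ):
    """Read the token from the environment and fail closed if it is absent."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set; refusing to send the request")
    return token


def build_request(token, url=API_URL):
    """Build the same request as the curl example, with the Bearer header."""
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, method="GET", headers=headers)


def list_merchants(opener=urllib.request.urlopen, env=os.environ):
    """Call the endpoint; translate 401/403 into the documented meaning."""
    req = build_request(load_token(env))
    try:
        with opener(req, timeout=10) as resp:
            return json.loads(resp.read().decode("utf-8"))  # JSON body assumed
    except urllib.error.HTTPError as err:
        reason = MEANINGS.get(err.code)
        if reason is None:
            raise
        # "from None" drops the chained exception so request details
        # (including the Authorization header) stay out of tracebacks.
        raise DimeAuthError(f"HTTP {err.code}: {reason}") from None
```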