Set up and manage your client ID and secret to securely authenticate and access protected API endpoints.
Audience and API Resource Permissions
When integrating any downstream service through the Verve Gateway, all clients (new or existing) are required to have their credentials explicitly permitted by Interswitch Support. Self-configuration is not supported.
To proceed, clients must
reach out to the Interswitch Support Team and
request that their client_id be granted access to the
Verve Gateway by configuring the required
audience and
API resource permissions.
aud)
Clients must request that the audience
"verve-gateway"
be added to their client_id configuration. This is
mandatory for all integrations routed through the Verve Gateway.
When contacting Interswitch Support, clearly state that your
client_id should be enabled for the following audience:
{
"aud": [
"verve-gateway"
]
}Alongside the audience request, clients must also provide a complete list of gateway endpoints and HTTP methods they require access to.
These endpoints will be whitelisted under the
api_resources configuration for the client. Any
endpoint or method not explicitly listed will be blocked.
{
"api_resources": [
"rid-{{HTTP_METHOD}}/gateway/{{service-name}}/**"
]
}Example:
{
"api_resources": [
"rid-GET/gateway/safetoken/**",
"rid-POST/gateway/safetoken/**",
"rid-PUT/gateway/safetoken/**",
"rid-PATCH/gateway/safetoken/**",
"rid-DELETE/gateway/safetoken/**",
"rid-GET/gateway/loyalty-engine/**",
"rid-POST/gateway/loyalty-engine/**",
"rid-PUT/gateway/loyalty-engine/**",
"rid-PATCH/gateway/loyalty-engine/**",
"rid-DELETE/gateway/loyalty-engine/**"
]
}⚠️ Important: Access is strictly enforced by the Verve Gateway. Any API route or HTTP method not approved and configured by Interswitch Support will result in a 403 – Forbidden response.
Ensure that your request to Interswitch Support includes:
- Your Client ID
- The required audience:
verve-gateway - The full list of gateway endpoints and HTTP methods