Authorization
Compare SumUp API keys, OAuth 2.0, and affiliate keys to choose the right authorization model for your integration.
SumUp exposes REST APIs for managing checkouts, retrieving transactions, and more. Every integration needs a way to authorize its API requests, and card-present solutions also need to identify the integration itself.
Choose the Right Option
Section titled “Choose the Right Option”- API keys – Static credentials owned by a single merchant. Use them for direct server-to-server integrations when you control the merchant account and need full API access.
- OAuth 2.0 – Standards-based authorization for multi-merchant solutions. Use it when other merchants or their employees connect to your application and must explicitly grant access.
- Affiliate Keys – Required for card-present scenarios to attribute transactions to your integration. Combine them with API keys or OAuth depending on how you authorize API calls.
Next Steps
Section titled “Next Steps”- Review the API reference once you have your credentials.
- Follow product-specific guides such as terminal integrations or online payments with the appropriate authorization method in place.