Token API

Learn about the different types of tokens, their purpose, and how to generate tokens.

We use tokens to authenticate all actions performed using ZWITCH Elements. Tokens allow us to validate that an action was performed on your application frontend and that the user has the necessary permissions to perform the action.

After authentication, the request is processed by us. Requests sent to ZWITCH servers without a token are not processed.

Best Practices

Below are some best practices you must follow when generating and using tokens for your elements.

  • Once generated, the token is valid for 60 minutes.
  • Tokens should only be generated on your backend server. To protect your API Keys, we do not allow this API to be triggered from the application frontend.
  • After generating a token, it should be passed to your application frontend in the Initialize Element and Pass Token code snippet. Ensure you have a secure mechanism in place to pass the token to your application frontend.

Types of Tokens

Currently, we support 3 types of token generation which are listed below:

  • Onboarding
  • Customer
  • Transfer

Different elements require different types of tokens for authentication. Use the Token API to generate the required token.

The table below lists the various elements and the type of tokens required to authenticate each element.

ElementToken Type Required
OnboardingOnboarding Token
Balance CheckCustomer Token
Fund TransferTransfer Token
Account StatementCustomer Token
Debit CardCustomer Token
Aadhaar VerificationCustomer Token
IR Transfer RequestTransfer Token
IR Documents Upload
IR UPI CollectTransfer Token

Prefill Information in an Element

To prefill information in an element, pass the required information within the request_details object in the Token API request body.

Refer to the Token API Object page to learn more about what information can be prefilled in an element.