The access token allows you to make requests to the API on behalf of a business.
Once you've successfully obtained an access token through the OAuth 2.0 flow, you can start making authenticated requests to Tyms APIs on behalf of the authorized business.
📌 What You Need
To make a successful API request, you must include the following headers:
| Header | Description |
|---|---|
Authorization | The access token prefixed with Bearer |
Content-Type | Set to application/json |
secret_key | Your Tyms Secret Key for added security |
Never expose your secret key on the frontend or in public repositories.
🧪 Sample Request
Here's an example using curl to create a sales account via the Chart of Accounts (COA) API:
curl --request POST \
--url '{{tyms_base_url}}/api/v1/coa/sales/account' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {access_token}' \
--header 'secret_key: {your_secret_key}' \
--data '{
"name": "Online Sales",
"description": "Sales generated from online store",
"currency": "NGN"
}'
📥 Example Response
{
"status": "success",
"message": "Sales account created successfully",
"data": {
"id": "sa_123456",
"name": "Online Sales",
"description": "Sales generated from online store",
"currency": "NGN"
}
}
✅ Best Practices
- Always validate token expiration before making a request.
- Handle 401 errors gracefully by prompting for re-authentication.
- Log API errors for monitoring and debugging purposes.
- Keep your secret key secure and rotate periodically for security.