***

title: How to Create a Partner Access Token
slug: guides/how-to-create-partner-access-token
subtitle: >-
Generate a short-lived access token using your API key and secret from the
Transak partner dashboard
-------------------------

A **Partner Access Token** is required to authenticate calls to Transak's partner APIs. You generate it by calling the Refresh Token endpoint with your API key and secret — it expires after **7 days**.

<Steps>
  <Step title="Log in to your dashboard">
    Go to [dashboard.transak.com](https://dashboard.transak.com) and sign in to your partner account.

    <Frame>
      <img src="https://files.buildwithfern.com/visual-editor-images/transak-labs.docs.buildwithfern.com/2026-03-11T13:31:59.841Z/guides/how-to-create-partner-access-token/d9bc4a5cd69f2330d88dbe954119ba07b3e5369a7f1874a7ad56a008edc020cc-Screenshot_2026-02-05_at_6.10.05_PM.png" alt="Transak partner dashboard login screen" title="Transak partner dashboard login screen" noZoom={false} />
    </Frame>
  </Step>

  <Step title="Open the Developers tab">
    Click **Developers** in the left-hand navigation panel.

    <Frame>
      <img src="https://files.buildwithfern.com/visual-editor-images/transak-labs.docs.buildwithfern.com/2026-03-11T13:33:58.081Z/guides/how-to-create-partner-access-token/486ee59d81c8cc4ae9a849b31341e61250a8af08a7f59250ff1d2daef503a8ec-Screenshot_2026-02-05_at_6.01.07_PM.png" alt="Developers tab in the Transak partner dashboard" title="Developers tab in the Transak partner dashboard" noZoom={false} />
    </Frame>
  </Step>

  <Step title="Copy your API credentials">
    Your **API Key** and **API Secret** are shown on this page. Copy both — you'll need them in the next step.

    <Frame>
      <div>
        Never expose your API secret in client-side code or public repositories. Always make this call from a secure backend.
      </div>
    </Frame>
  </Step>

  <Step title="Call the Refresh Token API">
    Make a `POST` request to the Refresh Token endpoint, passing your API secret as a header and your API key in the request body.

    ```bash
    curl --request POST \
      --url https://api-stg.transak.com/partners/api/v2/refresh-token \
      --header 'accept: application/json' \
      --header 'api-secret: YOUR_API_SECRET' \
      --header 'content-type: application/json' \
      --data '{"apiKey":"YOUR_API_KEY"}'
    ```

    A successful response returns a JWT `accessToken` valid for **7 days**:

    ```json
    {
      "data": {
        "accessToken": "eyJhbI1NiIsInR5cCI6IkpXVCJ9.eyJBUElfZIjoiMDRiOGJmZDItNTQ1YS00YjU1LWFkNzQtMjY0OTQ5NmFlMTI3IiwiaWF0IjoxNzcwMzczMTM0LCJleHAiOjE3NzA5Nzc5MzR9.95zFcIfGY-YLwbah37-YyNqLL62KURoz_jUcCLfhP74",
        "expiresAt": 1770977934
      }
    }
    ```

    <table>
      <tbody>
        <tr>
          <td>
            <ParamField path="accessToken" type="string">
              JWT token to include as a `Bearer` token in subsequent API requests.
            </ParamField>

            <ParamField path="expiresAt" type="number">
              Unix timestamp (seconds) indicating when the token expires.
            </ParamField>
          </td>
        </tr>
      </tbody>
    </table>
  </Step>
</Steps>