API Onboarding - Step by Step

This guide walks you through registering on the developer portal, subscribing to products, and generating access tokens so you can start calling Premium Credit APIs

Step 1

Step 1

Register and Obtain Your Credentials

Registration gives you access to the developer portal and starts the onboarding process required to issue your API credentials.

Prerequisites

  • You’ve completed your kick‑off call with Premium Credit

  • You’ve received the developer portal registration URL

What you need to do

  • Register on the developer portal using your work email

  • Verify your email address using the confirmation link

  • Sign the Premium Credit NDA when requested

What happens next

  • PCL reviews and approves your registration

  • Your client ID and client secret are generated

  • Credentials are issued via a password‑protected document

  • You will be given full access to the developer portal once a signed NDA has been returned

The confirmation link has a 48 hour expiry and must be used within that time frame to activate your account.

Your client ID and client secret are not displayed in the developer portal. Store them securely and never commit them to source control.

Step 2

Step 2

Subscribe to API Products

APIs are grouped into products. You must subscribe to a product before you can call its endpoints.

How subscriptions work

  • The ability to subscribe to Products become available after NDA approval

  • Each product generates its own subscription keys

  • Subscriptions are approved by Premium Credit

Your steps

  • Browse available products in the developer portal

  • Subscribe to the products you need

  • Notify your PCL Account Manager or Digital Lead

✅ Once approved, subscription keys are available in Profile → Subscriptions.

Step 3

Step 3

Generate an Access Token and Call APIs

Access tokens are required to authenticate API requests. Tokens are generated by calling the Authentications API with your PCL provided client credentials and subscription key.

Authentication request body

grant_type=client_credentials
client_id=YOUR_CLIENT_ID
client_secret=YOUR_CLIENT_SECRET

Token lifecycle

  • Tokens are valid for 59 minutes, 59 seconds

  • Tokens are not refreshed automatically

  • You should cache and reuse tokens within their lifetime

Using the token

  • Include it in the Authorization header as Bearer <token>

  • Use it for all API calls until it expires

ℹ️ Primary and Secondary subscription keys allow safe rotation without downtime. Share the secondary key when temporary access is required.

Ready to see what we can offer?

Register