Security & Authentication

Proper authentication is required for all API calls to the Presto Vendor Integration API.

Authentication Scheme

Bearer Token Authentication

The Presto Vendor Integration API uses Bearer token authentication. Include your token in the Authorization header of each request:

Authorization: Bearer <your-token>

Token Issuance

Vendor partners generate their own API tokens using the Token Issuance Endpoint:

Method: POST
URL: {{BASE_URL}}/api/developer/v1/auth/token

Request Body Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Your registered vendor email address |
| password | string | Yes | Your API password provided by Presto |
| token_name | string | Yes | A descriptive name for the token (e.g., "primary-integration") |
| token_expiration_date | string | Yes | Desired token expiry date in YYYY-MM-DD format |

Example Success Response

{
    "data": {
        "token": {
            "name": "default",
            "expiration_date": "2030-01-01T00:00:00.000000Z",
            "value": "1111|kjbdsjkvbsdkvbfdkg"
        }
    }
}

Token Management

  • Expiration: Tokens have an expiration date. Your system must be capable of requesting a new token before the current one expires.
  • Revocation: If a token is compromised, contact your Presto Partner Manager immediately to have it revoked.
  • Multiple Tokens: You can generate multiple tokens with different names if needed for different systems or purposes.

Transport Security

All API communication must use HTTPS (TLS 1.2 or higher). Requests over plain HTTP will be rejected. Always verify the server's TLS certificate to prevent man-in-the-middle attacks.
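
An added example, not Presto's own code: a minimal Python client for the token issuance and renewal flow described above that also enforces the transport rules in this section. The JSON request encoding, the PRESTO_EMAIL and PRESTO_PASSWORD environment variable names, and the 7-day renewal margin are assumptions.

```python
import json
import os
import ssl
import urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_PATH = "/api/developer/v1/auth/token"  # path from this page


def tls_context():
    """Verify the server certificate and hostname; refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_token_request(base_url, email, password, token_name, expires_on):
    """Build the POST for the Token Issuance Endpoint; plain-HTTP base URLs are refused."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("base URL must use https://")
    body = json.dumps({
        "email": email,
        "password": password,
        "token_name": token_name,
        "token_expiration_date": expires_on.strftime("%Y-%m-%d"),
    }).encode()
    # Assumption: JSON body; the page lists the parameters but not the encoding.
    return urllib.request.Request(base_url.rstrip("/") + TOKEN_PATH, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})


def parse_token_response(raw):
    """Return (token value, expiry as an aware UTC datetime) from a success response."""
    tok = json.loads(raw)["data"]["token"]
    expiry = datetime.strptime(tok["expiration_date"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return tok["value"], expiry.replace(tzinfo=timezone.utc)


def needs_renewal(expiry, now, margin=timedelta(days=7)):
    """True once inside the renewal margin (7 days is an assumed value)."""
    return now >= expiry - margin


def issue_token(base_url, token_name, expires_on):
    """Request a token; credentials come from the environment (variable names assumed)."""
    req = build_token_request(base_url, os.environ["PRESTO_EMAIL"],
                              os.environ["PRESTO_PASSWORD"], token_name, expires_on)
    with urllib.request.urlopen(req, context=tls_context(), timeout=10) as resp:
        return parse_token_response(resp.read())
```

Run `needs_renewal` on a schedule against the stored expiry and call `issue_token` when it returns True, so a replacement token is in place before the current one lapses.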

Security Guidelines

Token Security

  1. Secure Storage - Store tokens in secure, encrypted storage systems such as environment variables, secure key vaults, or encrypted configuration files
  2. No Client-Side Storage - Never store tokens in client-side code, browser storage, mobile apps, or any publicly accessible location
  3. Limited Access - Restrict token access to only the systems and personnel that require it

Communication Security

  1. Use HTTPS for all communications - Enforce TLS 1.2 or higher for all API interactions

Operational Security

  1. Monitor for unauthorized use - Implement logging and alerting for abnormal API usage patterns
  2. Report compromises - Contact your Presto Partner Manager immediately if you suspect token compromise