Airalo Developer Platform
  1. Authenticate
Airalo Developer Platform
  • OVERVIEW
    • Introduction
    • Attribute descriptions
    • FAQ
    • Quick start
      • Step 1: Request access token
      • Step 2: Get packages
      • Step 3: Submit order
      • Step 4: Get installation instructions
    • User journeys
      • Purchase journey
      • Top-up journey
    • Guides
      • How to set up a brand for eSIMs Cloud link sharing
      • How to get the eSIMs Cloud sharing link through API
      • How to generate the QR code for an eSIM
      • How to share eSIM installation instructions with users
      • eSIM installation methods for API Partners
  • REST API
    • Introduction
    • Product updates
    • Rate limits
    • Error handling
    • Endpoints
      • Authenticate
        • Request access token
          POST
      • Browse packages
        • Get packages
        • Get compatible device list
      • Place order
        • Submit order
        • Submit order async
        • Future orders
        • eSIM voucher
      • Install eSIM
        • Get eSIM
        • Get installation instructions
      • Monitor usage
        • Get usage (data, text & voice)
      • Place top up order
        • Submit top-up order
        • Get top-up package list
        • Get eSIMs list
        • Get eSIM package history
      • Manage orders & eSIMs
        • Get order list
        • Cancel future orders
        • Get order
        • Update eSIM brand
      • Notifications
        • Airalo webhooks optin and flow
        • Understanding webhooks: Asynchronous communication for modern applications
        • Async orders
        • Low data notification - opt In
        • Low data notification - opt out
        • Get low data notification
        • Credit limit notification
        • Webhook definition
        • Webhook simulator
      • Check balance
        • Get balance
      • Refunds
        • Refund request
    • Guides
      • Step #1 - Authentication
  • SDKs
    • Introduction
    • SDK vs. REST API
    • Technical notes
  • WOOCOMMERCE PLUGIN
    • Introduction
    • Product updates
    • Guides
      • How to install the plugin
      • How to setup the Shop price?
      • Customizing "My eSIM" page colors in WooCommerce
      • How to convert prices into local currency
      • How to finalize the shop setup
      • How to test in sandbox
      • How to go live
      • TO DELETE Installation plugin backup
      • Customizing WooCommerce email templates for eSIM sales
    • Troubleshooting
      • Troubleshooting
  • SHOPIFY APP
    • Introduction
    • Guides
      • How to install the Airalo Shopify App
      • How to set up prices in Shopify
  1. Authenticate

Request access token

POST
/v2/token
This endpoint provides an access token required for making authenticated requests to the Airalo Partners API. Submit your client ID and client secret to obtain a token valid for 24 hours. While the token remains valid for a year, we recommend refreshing it more frequently for enhanced security.

Important Notes#

The response contains the access token, which must be cached and reused for subsequent API calls until it expires or is refreshed.
Store the client ID and client secret securely in an encrypted format on your systems.
All actions performed using these credentials will be considered valid transactions, and the partner will be responsible for any associated costs.
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST '/v2/token' \
--header 'Accept: application/json' \
--form 'client_id="<replace with client id>";type=string' \
--form 'client_secret="<replace with client secret>"' \
--form 'grant_type="client_credentials"'
Response Response Example
200 - Request Access Token (200)
{
    "data": {
        "token_type": "Bearer",
        "expires_in": 31622400,
        "access_token": "<access token>"
    },
    "meta": {
        "message": "success"
    }
}

Request

Header Params
Accept
string 
required
Example:
application/json
Body Params multipart/form-data
client_id
string 
required
Required. Unique identifier of your application. Must be kept secure and never exposed publicly.
Example:
<replace with client id>
client_secret
string 
required
Required. Confidential key associated with your client ID. Must be kept secure and never exposed publicly.
Example:
<replace with client secret>
grant_type
string 
required
Required. The grant type should be set to "client_credentials".
It indicates server-to-server authentication, where the client application directly requests an access token without user intervention.
Example:
client_credentials

Responses

🟢200Request Access Token (200)
application/json
Body
data
object 
required
token_type
string 
required
expires_in
integer 
required
access_token
string 
required
meta
object 
required
message
string 
required
🟠422Request Access Token (422)
🟠422Request Access Token (401)
Modified at 2025-07-10 09:46:10
Previous
Endpoints
Next
Get packages
Built with