Start HereGet Started

Get Started

Set up your kadosei merchant account and get your first API key

Before you begin

You'll need:

  • A kadosei merchant account (see below as accounts are created by invitation)

  • A server-side environment capable of making HTTPS requests

  • A publicly accessible HTTPS endpoint to receive webhooks (required before going live; not needed for initial setup)


Step 1: Accept your invitation

kadosei merchant accounts are created by invitation. When your account is provisioned, you'll receive an email containing a signup link. The link includes a one-time token and expires after 2 hours if it expires, contact your kadosei account manager to request a new one.

Click the link, or use it directly to complete signup via the API.

Step 2: Complete merchant signup

Submit your organisation details and admin user credentials to the signup endpoint. The invite token is passed as a query parameter.

POST /api/v1/merchants/signup?token={your_invite_token}

{
  "organization": {
    "legalBusinessName": "Acme Pty Ltd",
    "companyRegistrationNumber": "ACN 123 456 789",
    "registeredAddress": {
      "line1": "123 Market St",
      "city": "Sydney",
      "state": "NSW",
      "postalCode": "2000",
      "country": "AU"
    },
    "companyWebsite": "https://www.acme.com",
    "industry": "Retail",
    "sector": "E-commerce",
    "contactPersonFirstName": "Jane",
    "contactPersonLastName": "Smith",
    "contactPersonEmail": "jane.smith@acme.com"
  },
  "admin": {
    "email": "jane.smith@acme.com",
    "password": "your-secure-password",
    "firstName": "Jane",
    "lastName": "Smith"
  }
}

Password requirements: 16–32 characters.

A successful response confirms your merchant account and admin user have been created. You can now log in.

Common Errors

StatusMeaning
400Token missing, invalid, or request body failed validation
409Account could not be created with the provided details
410Invite token has already been used or has expired

Step 3: Log in and obtain a JWT

Your JWT authenticates management operations for creating applications, generating API keys, and configuring your account.

POST /api/v1/auth/login

{
  "email": "jane.smith@acme.com",
  "password": "your-secure-password"
}
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600
}

Store the accessToken and include it as a Bearer token in subsequent management API requests:

Authorization: Bearer {accessToken}

JWTs expire after 3600 seconds (1 hour). When your token expires, call

POST /api/v1/auth/login again to obtain a new one.

Next Steps

With your account created and a valid JWT, you're ready to set up your first application and generate an API key, which is what you'll use to authenticate payment calls from your server.