Referral Partner Authentication
Referral Partners use two-layer authentication:
- API Key — Authenticates with the Referral Partner API
- JWT Bearer Token — Authenticates with the Customer API when acting on behalf of referred clients
Layer 1: Referral Partner API
Include your API key in the XApiKey header for all Referral Partner API requests:
GET /creditors HTTP/1.1
Host: referral-api.debitura.com
XApiKey: YOUR_API_KEY
Contact partnerships@debitura.com to obtain your API key.
For base URLs (including test environment), see Referral Partner Environments.
Layer 2: Customer API (JWT Tokens)
To create cases on behalf of referred clients, generate a JWT token using the OAuth endpoint:
POST /oauth/token HTTP/1.1
Host: referral-api.debitura.com
XApiKey: YOUR_API_KEY
Content-Type: application/json
{
"ExternalTenantId": "your-tenant-identifier"
}
Response:
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresIn": 1800,
"creditorId": "uuid-of-linked-creditor"
}
Token Details
| Property | Value |
|---|---|
| Algorithm | HS256 |
| Expiry | 30 minutes (1800 seconds) |
| Refresh | Not supported — request a new token when expired |
Using the Token
Include the JWT in Customer API requests via the Authorization header:
POST /cases HTTP/1.1
Host: customer-api.debitura.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json
{
"debtor": { ... },
"claims": [ ... ]
}
Token Expiry Handling
When a JWT expires, Customer API requests return 401 Unauthorized. Request a new token and retry.
For request limits, see Rate Limiting. For API details, see the Referral Partner API Reference and Customer API Reference.