Authentication
API Key
All supported partner contract requests must include the x-partner-key header:
x-partner-key: YOUR_PARTNER_API_KEY
Missing or invalid keys return:
{
  "message": "Invalid partner API key",
  "error": "Forbidden",
  "statusCode": 403
}
Auth Scope
- Authenticated: /api/v1/pos/partners/*
- Unauthenticated: /api/health/ready, /api/health/live
Legacy Compatibility
Legacy /pos/* and /transactional/* routes remain available for compatibility, but they are not the supported Trident Phase 1 integration path for new partner work.
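The header and scope rules above, as an added example that is not part of the original contract or the project's own code: a Python client helper that attaches x-partner-key only on routes the Auth Scope list marks as authenticated, and recognises the documented 403 body. The stub server, STUB_KEY, the key_seen field and the route name "example" are constructed for the demonstration; legacy routes are classed as "unspecified" because this page does not state their auth requirement.

```python
import json, posixpath, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
PARTNER_PREFIX = "/api/v1/pos/partners/"
HEALTH_PATHS = {"/api/health/ready", "/api/health/live"}
STUB_KEY = "constructed-test-key"  # constructed value, not a real key
DENIED = {"message": "Invalid partner API key", "error": "Forbidden", "statusCode": 403}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

def auth_scope(path):
    """Classify a path per the Auth Scope list; anything else is 'unspecified'."""
    clean = "/" + posixpath.normpath(path.split("?", 1)[0]).lstrip("/")  # normalise first
    if clean in HEALTH_PATHS:
        return "unauthenticated"
    return "authenticated" if clean.startswith(PARTNER_PREFIX) else "unspecified"

def call(base_url, path, api_key=None):
    """GET path, sending x-partner-key only on authenticated routes. Returns (status, body)."""
    req = urllib.request.Request(base_url + path)
    if api_key and auth_scope(path) == "authenticated":
        req.add_header("x-partner-key", api_key)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def is_key_rejected(status, body):
    """True only for the documented 403 'Invalid partner API key' response."""
    try:
        return status == 403 and json.loads(body).get("message") == DENIED["message"]
    except (ValueError, AttributeError):  # body is not a JSON object
        return False

class StubHandler(BaseHTTPRequestHandler):  # constructed stand-in for the API
    def do_GET(self):
        key = self.headers.get("x-partner-key")
        denied = auth_scope(self.path) == "authenticated" and key != STUB_KEY
        doc = DENIED if denied else {"key_seen": key is not None}
        self.send_response(403 if denied else 200)
        self.end_headers()
        self.wfile.write(json.dumps(doc).encode())
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base, route = f"http://127.0.0.1:{server.server_port}", PARTNER_PREFIX + "example"
    out = [call(base, route), call(base, route, STUB_KEY), call(base, "/api/health/live", STUB_KEY)]
    server.shutdown(); server.server_close()
    return out  # no key, valid key, health endpoint (key withheld by call)
```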
Operational Note
Rate limiting and key rotation are hardening follow-ups. This public contract reflects the currently supported live behavior, not future policy targets.