
Admin Authentication

The Admin API uses a separate JWT from the merchant API. Obtain an admin token by calling the admin login endpoint:
POST https://olp-api.nipuntheekshana.com/v1/admin/auth/login
{
  "email": "admin@openpay.com",
  "password": "your_password"
}
Include the token in all subsequent admin requests:
Authorization: Bearer <admin_token>
Admin tokens are distinct from merchant tokens. A merchant Bearer token will not grant access to admin routes.

Role-Based Access Control (RBAC)

Admin users are assigned roles, and each role contains a set of permissions. The platform enforces RBAC on every admin endpoint — if the authenticated user’s role does not include the required permission, the API returns 403 FORBIDDEN.
| Concept | Description |
| --- | --- |
| Role | A named group of permissions (e.g., super_admin, support_agent) |
| Permission | A granular access right (e.g., merchants.approve, withdrawals.manage) |
Manage roles and permissions via the User Management endpoints.
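
The following is an added example, not the platform's own code: a deny-by-default sketch of the check described above, where a non-admin token is rejected before RBAC and a missing permission yields the documented 403 FORBIDDEN body. The `aud` claim values, the role-to-permission mapping, and the 401 `UNAUTHORIZED` response are assumptions made for illustration.

```python
# Added illustration; not the platform's implementation.
# Assumed: the "aud" claim values, the role-to-permission mapping, and the
# 401 "UNAUTHORIZED" code. Only 403 FORBIDDEN and its body come from the page.

ROLE_PERMISSIONS = {  # constructed sample data
    "super_admin": {"merchants.approve", "withdrawals.manage"},
    "support_agent": {"merchants.approve"},
}

FORBIDDEN = (403, {"error": {
    "code": "FORBIDDEN",
    "message": "You do not have permission to perform this action",
}})
UNAUTHORIZED = (401, {"error": {
    "code": "UNAUTHORIZED",  # assumed code, not taken from the page
    "message": "Admin token required",
}})


def authorize(claims, required_permission):
    """Return (status, body) for an admin route guarded by one permission.

    `claims` is the payload of a JWT whose signature and expiry were already
    verified; pass None when verification failed.
    """
    # A merchant token, however valid, must never reach the RBAC check.
    if not claims or claims.get("aud") != "admin":
        return UNAUTHORIZED
    # Deny by default: unknown or missing roles map to an empty permission set.
    granted = ROLE_PERMISSIONS.get(claims.get("role"), set())
    if required_permission not in granted:
        return FORBIDDEN
    return (200, {"ok": True})
```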

Available Endpoint Groups

| Group | Description | Reference |
| --- | --- | --- |
| Merchant Management | List, approve, reject, freeze, and terminate merchants | Merchant Management |
| Withdrawal Management | Review, approve, reject, and complete withdrawals | Withdrawal Management |
| Audit Logs | Query platform-wide and merchant-scoped audit trails | Audit Logs |
| Platform Settings | Configure payments, security, notifications, and more | Settings |
| User Management | Manage admin users and RBAC roles | User Management |

Error Handling

Admin endpoints follow the same error format as the rest of the API:
{
  "error": {
    "code": "FORBIDDEN",
    "message": "You do not have permission to perform this action"
  }
}
See the API Overview for the full list of error codes, pagination format, and rate-limit details.