Before executing any further API calls on behalf of Embedded Partner Merchant (EPM) account, you'll need to generate unique API ID and Keys that correspond to the EPM.

Executing API calls to generate API keys for an EPM

Using the accountReference returned in the webhook URL against an EPM, you will need to POST against this API:

Check out the API reference

curl --request POST \
     --url https://api.sandbox.bvnk.com/api/token/sub-account \
     --header 'Authorization: Hawk id="B9jnE1U8eLblzHtNeJZRxfcq03CQKcmcP9FOrACMzXb1HfrxrePWsTfuP70JNns9", ts="1633010032", nonce="guGXrD", mac="uKeg+w1qXqzaF/8mOQGv8Y9IlRxyxTT+iINLe03EQ60="' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
 
  "accountReference": "dfdbf87e-3ad5-451a-90c6-a366ac225622"
}
'

Once you've submitted this request, you'll receive a response confirming success or failure. Success would look like this - 200 OK

Hawk Auth ID is read from access_token and Hawk Auth Key is read from secret field in the response. This Auth ID and Key needs to be applied to all subsequent calls made on behalf of your EPM.

{
  "access_token": "ZEXEZhaP2M1nmUb5E1Z7r4qMSYLaZJHhAcbmWHOdHsmFDmjLuAHzKNYIUx5P0fDW",
  "roles": [
        ""
    ],
  "secret": "fmx9qnZBaX6H64nhUTfqvZhLKLo0TrBdd87nLVbXuPaMuGoqCyqHSkAMe9jkQTOx",
  "token_type": "Hawk",
  "username": "vWNF9AXsFOUjWbL9HQH7kVnd01HcmtrPxh+b7YddTQQ=",
  "impersonate": true,
  "expiry": 1697461743559
}