EMail SupportWindows Support / Mac Support Support-Hotline: +1 (702) 997-7672

(emergency support 24/7/365 | user help Mon - Fri 8AM - 6PM PST)

API Authentication


API Access

The API is proved through REST web services. The default format is standard JSON. Access to the API is only granted to verified applications. Each application owns its public application ID and its private secret. Each application can access multiple KORONA.pos Cloud accounts. Applications need to have a token for every account.

Get Access Token

This action has to be performed once for each account. The token should always be kept private and only be stored on the server side.


  • Application ID
  • Application Secret
  • Api Key

Acquire Token

HTTP GET Request:{application ID}/{secret}/{Api Key}




HTTP GET Request:



Example Code (PHP)

$appId = "017b4179-b8f2-4226-b7ae-764f97e42bef";
$secret = "ksdj38slken98sn3o";

$apiKey = "01aidlrxffxtan0gqqv2b9kh5me01o62qt5r4sjka01mvck502cdgvy";

$koronaApiUrl = ""

$token = file_get_contents("$koronaApiUrl/v1/auth/$appId/$secret/$apiKey");

echo "token: $token";

Data Security

In order to protect sensitive data Combase requires the following behavior for any application using the Korona.pos Cloud API.

  • Application Secret must remain private and should only be accessible by the application developer/owner.
  • API Keys should only be accessible by the account owner and the application developer/owner. It should only be used to acquire an API token and neither stored nor used at any later time.
  • Cookies, client side storage or client side URLs must not contain application secret or API token at any time!

Use Token

In order to perform any further API calls which access data of a particular account the token will always be required.

HTTP API Request:{token}/{request}

Follow the API Data Calls Tutorial to find out about how to fetch data using the API token.