Getting started guide 

In this guide, we will help you get started with Premium Credit Limited (PCL) APIs by explaining how to register on our developer portal, obtain your client ID and client secret, and how to obtain subscription keys and access token. 

Step 1: Registration process and obtaining your credentials  

Make sure you’ve satisfied all prerequisites before proceeding. 

Prerequisites 

1. You had your kick-off call with PCL. 

2. You received the URL to register on PCL’s developer portal. 

Register on the developer portal and obtain your client ID, client secret 

PCL’s developer portal provides access to our products and APIs, and is where you can manage your subscriptions to our products. 

1. Register on our developer portal. 

a. Complete the online registration form. 

b. Click the link in the verification email that is sent to you to complete your registration.


Registration gives you limited access to the developer portal. You can view our products and the APIs they contain but will need to sign the PCL NDA and subscribe to relevant products to access endpoints. 

2. Once you have signed the NDA, PCL starts the process of approving your registration and generating your client ID and client secret.

3. PCL issues your client ID and client secret. You will receive your credentials in a password protected document. Keep these secure. Your client ID and client secret are not accessible in PCL’s developer portal. 

Step 2: How to obtain your product subscription key

Working with your PCL Account Manager or Digital Lead, you will know which products you will need to fulfil your business requirements.  

1. Complete the online subscription for the product you require. Browse our list of products.

Note: products will not be visible until the NDA has been signed and you have been given full access.

2. Contact your PCL Account Manager or Digital lead to notify us of your pending subscription for the product. You need to provide the email address that you used to subscribe. 

3. PCL approves your subscription. You can access your subscription keys in the developer portal under your profile

Step 3: How to obtain your client access token 

Once you have your client ID, client secret and subscription keys you will be able to use the endpoint 'Try it' functionality in the developer portal for the products you have subscribed to.

You can also use the client ID, client secret and subscription keys to contact our endpoints via a tool such as Postman. You can view how to use Postman on the Using Postman page.

In this guide, we will work with the developer portal's 'Try it' functionality.   


1. Your access token expires after 59 min 59 sec and a new one needs to be generated. This is not refreshed on our side so refreshing these tokens before they expire is your responsibility. 

2. Do not generate a new access token for every call. Rather, cache your refreshed token which can be used an unlimited number of times in that hour period. 

Make sure you’ve satisfied all prerequisites before proceeding. 

Prerequisites 

1. You have your client ID and client secret. 

2. PCL approved your subscription to the product. You can access your subscription keys in the developer portal under your profile

Authentication 

Call the endpoint in the Authentication API © Premium Credit Limited to generate a client access token. 

Duplicate headers on 'Try it'

You may encounter duplicate headers when using 'Try it' on some endpoints. Where this occurs, delete the duplicates.

1. Supply header information. The Subscription key dropdown lets you choose the product you wish to generate the client access token for. You can use either the Primary or Secondary subscription key. 

2. Request header fields: 

  • Pcl-apig-request-datetime-stamp: Request datetime stamp, this must be in RFC 1123 format. E.g. 'Sun, 06 Nov 1994 08:49:37 GMT'.

  • pcl-apig-client-originator: This value will be pre-defined by Premium Credit upon commencement of testing. For the test environment this can be 'TEST'. In the production/live environment, this will be the name that PCL assigns to your scheme setup.

  • pcl-apig-client-channel: The client channel and channel version headers enable you to specify the channel and version of your API requests. E.g.

    - Channel – (name of your system)
    - Channel Version - (your current system version)

  • pcl-apig-client-channel-version: The client channel and channel version headers enable you to specify the channel and version of your API requests. E.g.

    - Channel – (name of your system)
    - Channel Version - (your current system version)

  • pcl-apig-request-uid: A unique ID for the request.

  • Content-Type: Media type of the body sent to the API. Possible values:

    - "application/json"
    - "text/json"
    - "application/xml"
    - "text/xml"
    - "application/x-www-form-urlencoded"

  • Ocp-Apim-Subscription-Key (required): Your subscription key which provides access this API. Found in your profile.


The reason we generate both Primary and Secondary subscription keys is to: 

1. Avoid downtime if you need to change keys regularly if this is required by your corporate security policy. 
2. Allow you to temporarily share access keys. You can share the secondary key and regenerate it when you want to revoke access. 

Read more about Primary and Secondary subscription keys

3. In the Request body, provide your client ID and client secret and click Send

grant_type=client_credentials&client_id={ExampleClientId}&client_secret={ExampleClientSecret}

4. A successful call will return an access token which is required to make calls to the endpoints linked to your subscribed product. 

  • token_type: Gives access to the bearer of this token.

  • expires_in: Expires in 59 minutes, 59 seconds.

  • ext_expires_in: Expires in 59 minutes, 59 seconds.

  • expires_on: Unix timestamp of the time the token expires.

  • not_before: Unix timestamp of the time the token will not expire before.

  • resource: The resource the token is valid for.

  • access_token: The client access token required to make API calls. Valid for 59 minutes, 59 seconds.

5. Make a copy of your access token as it is required for making calls to endpoints. 

6. When calling an endpoint, paste the access token into the Authorization field. 

If you’re using Postman, don’t delete the word “Bearer “ when pasting your access token into the Authorization field. 


1. Accounts and keys are environment-specific. 
2. The keys you will be issued are for the test environment. 
3. New credentials will have to be obtained from PCL for Production. 
4. Your account will hold the details of each of your Product Subscriptions and these details can be viewed in your profile. 

VIEW YOUR PROFILE

You're all ready to go...

Familiarise yourself with our products and APIs.

If you have any questions, contact us and we will be happy to help as best we can.