Skip to main content

Overview

Wilow uses two layers of authentication:
LayerWhat it identifiesHow to pass it
API KeyYour partner integrationAPI-KEY: ep_... header
Customer TokenThe logged-in customerAuthorization: Bearer {token} header
Your API key is fixed and scoped to your integration. The customer token is obtained per user and must be refreshed if the user re-links.

Getting Your API Key

Reach out to info@wilow.app to get your API-KEY before you can start hitting the APIs.

Getting a Customer Token

Call Link Customer with the user’s details. The response returns an auth_token — store it and use it for all subsequent customer-scoped requests. 
{
  "data": {
    "auth_token": "4055|5TJnGse60PlKk8PSmxHXz3HjgbaDAMvv5Z5mrGSF...",
    "customer_id": 961
  }
}

Which endpoints need which?

EndpointAPI KeyCustomer Token
Link Customer
Location Coverage
List Plans
Available Days
Address
Laundry Preferences
Subscribe
Confirm Payment

Idempotency

All POST requests require an Idempotency-Key header. Use a unique UUID per request to safely retry without duplicating operations. 
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000