Refresh the customer-session token
Slides the customer-session JWT window. Requires Authorization: Bearer <token>. Enforces a 30-minute hard cap on the refresh chain — beyond that the customer must re-OTP.
Authorization
apiKey Merchant API key. Publishable keys (pk_test_* / pk_live_) are safe for browser/frontend use and carry a limited scope set (sessions, payment_instruments, customers, orders writes; products, product_prices, payment_links reads). Secret keys (sk_test_ / sk_live_*) grant full admin access and must only be used server-side.
In: header
Response Body
application/json
application/json
application/json
curl -X POST "https://loading/v1/api/easy-connect/refresh"{
"success": true,
"timestamp": "2019-08-24T14:15:22Z",
"data": null,
"message": "string",
"pagination": {
"total": 0,
"limit": 1,
"offset": 0,
"has_more": true,
"cursors": {
"first": "string",
"last": "string"
}
}
}{
"success": false,
"timestamp": "2019-08-24T14:15:22Z",
"error": {
"code": "string",
"message": "string",
"details": null
}
}{
"success": false,
"timestamp": "2019-08-24T14:15:22Z",
"error": {
"code": "string",
"message": "string",
"details": null
}
}Look up an Easy Connect customer by email
Returns whether the email corresponds to an enrolled customer AND is in a country eligible for Easy Connect SMS verification. Response shape is identical for unrecognized vs. recognized-but-ineligible so the endpoint can't be used to enumerate enrolled emails.
Send a verification code to the customer's phone
Triggers Twilio Verify to deliver an SMS OTP. Gated by per-IP / per-email / per-phone rate limits, country eligibility, and the email-must-be-enrolled rule. Returns `{sent: true}` on success and `{sent: false}` for any rejection — never leaks which gate failed.