# Technical and Security Aspects

### Authentication

The Support Ticket API requires you to authenticate with the email and password of a user account created on the Merchant Panel. Once you request to authenticate to the Login Endpoint, we will respond with a cookie called **BEARER\_TOKEN** containing a token you have to use in the next API calls to remain authenticated.

{% hint style="info" %}
The **BEARER\_TOKEN** cookie will expire after **15 minutes** of its last request. Otherwise you may use the Logout Endpoint to invalidate the cookie for future usages.
{% endhint %}

#### BEARER\_TOKEN cookie

Upon successful authentication, the response will include a header field named `Set-Cookie`. This particular field will carry a cookie labeled as **BEARER\_TOKEN** that has to be sent back to the server in all the following requests to stay logged in.

Example of a cookie in the header with the BEARER\_TOKEN value:

```
cookie: BEARER_TOKEN=U3dcUx8IRJ5nLjb0WYM4cHa3qHFqnrqAk
```

To send requests, ensure you include the BEARER\_TOKEN obtained from the Login Endpoint in the Authentication header field of the requests. You can use it in the following ways:

**As part of the header:**

```
Authorization: Bearer U3dcUx8IRJ5nLjb0WYM4cHa3qHFqnrqAk
```

**Or as a cookie:**

```
cookie: BEARER_TOKEN=U3dcUx8IRJ5nLjb0WYM4cHa3qHFqnrqAk
```

See [this page](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies) to learn more about cookies.

{% hint style="info" %}
Make sure you add in the header of the request the following value:\
**Content-Type: application/json**
{% endhint %}

### Secure Connections

All the communications between you and the Merchants API has to be performed through secure connections over **HTTPS**.

### Switching Between MIDs

In cases where a user needs to manage tickets from more than one MID, the Switch Context endpoint allows you to switch effortlessly between MIDs irrespective of the number of MIDs the user account belongs to.

If switched from MID A to MID B, note that all responses from other endpoints will operate under MID B.

{% hint style="warning" %}
You cannot switch to an account that the user does not belong to.
{% endhint %}

### Document Types

When attaching documents to a ticket, you must specify the document type. The following types are accepted:

| Type             | Description                            |
| ---------------- | -------------------------------------- |
| `VOUCHER`        | Payment receipt or proof of transfer   |
| `ID_DOCUMENT`    | Government-issued identification       |
| `BANK_STATEMENT` | Bank statement showing the transaction |

{% hint style="info" %}
For deposit review tickets, if a voucher already exists in the system it gets attached automatically. Check the `uploadedDocuments` field in the response before uploading a duplicate.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lime-pay.com/api-documentation/support-tickets-api/technical-and-security-aspects.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.