API console
Paste your stage merchant credentials and run live calls against Wink. Each operation routes through this portal's same-origin proxy to stagelogin-api.winkapis.com, so CORS won't get in the way.
How auth works here. Wink uses three auth schemes depending on the endpoint:
Basic clientId:secret
POST /wink/v1/session and a few merchant-only calls.
Basic clientId:sessionId
face / voice / lookup / merchant-config (Login host, single-use session per call).
Bearer sessionId
consent + a few session-scoped endpoints.
Bearer userAccessToken
profile / wallet / WinkPin / 2FA — needs a real user. Authenticate a test user (step 2) first.
Sessions are single-use, so the console mints a fresh one under the hood for each session-scoped call — you'll see a session-mint log row plus the operation row per Run. The user accessToken is reused until it expires.
Active backend hosts. Calls from this console route to the hosts below. Your Client ID + secret must belong to the same environment as the login host — otherwise POST /wink/v1/session returns 401 with an empty body.
- Loading…
Admins can switch environments via the gear icon in the top-bar.