Auth Specification
This chapter contains information on what is required to make a successful request with the Authorization API. You will need credentials for basic authentication. Our Postman collection also contains an authorisation API call. Download the postman collection to set it up quickly:
Endpoints
Environment | Endpoint URL |
---|---|
Sandbox | Provided via MSafe after being requested |
Production | Provided via MSafe after being requested |
How does it work?
You need an access token to use the API. To obtain an access token you need to call the oAuth API. The oAuth 2.0 specifications recommend passing the API key and secret values as an HTTP-Basic Authentication header. Don't have credentials yet? You can request them in the top right of this portal under the button "Get API keys".
Your API key and secret need to be base64 encoded before you can send them in the header.
In pseudo-code:
result = Base64Encode
(concat('ns4fQc14Zg4hKFCNaSzArVuwszX95X
', ':','ZIjFyTsNgQNyxI
'))
In this example, ns4fQc14Zg4hKFCNaSzArVuwszX95X
is the API key and ZIjFyTsNgQNyxI
is the secret.
The result being: bnM0ZlFjMTRaZzRoS0ZDTmFTekFyVnV3c3pYOTVYOlpJakZ5VHNOZ1FOeXhJ==
Headers
- Name
Content-Type
- Type
- application/x-www-form-urlencoded
- Tag(s)
- Mandatory
- Description
Content type and encoding of the request.
- Name
Authorization
- Type
- Basic
- Tag(s)
- Mandatory
- Description
Basic authorisation token.
Request body
- Name
data-urlencode
- Type
- grant_type=client_credentials
- Tag(s)
- Mandatory
- Description
We only support the grant_type: client_credentials.
Response body
On a succesful request, you will receive an access_token
as well as 'expires_in' which indicates after how many seconds it expires.
At SurePay we do not work with refresh_tokens
. You can not refresh this token. It is advised to make another API call with basic authentication to fetch a new access_token
when this one expires.
Request Curl example
curl --location --request POST '<hostValueWillBeSharedBySurePay>/oauth/client_credential/accesstoken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <your basic token>' \
--data-urlencode 'grant_type=client_credentials'
Response example
{
"access_token": "<your bearer token>",
"expires_in": "3599",
"token_type": "BearerToken"
}
- Replace
<hostValueWillBeSharedBySurePay>
with the url provided via MSafe by SurePay, and replace<your basic token>
with your own base64 encoded API key and secret.