POST /oauth/client_credential/accesstoken

Auth Specification

This chapter describes what is required to make a successful request to the Authorization API. You will need credentials for basic authentication. Our Postman collection also contains an authorisation API call; download the Postman collection to set it up quickly.

Endpoints

Environment    Endpoint URL
Sandbox        Provided via MSafe after being requested
Production     Provided via MSafe after being requested

How does it work?

You need an access token to use the API. To obtain an access token you need to call the OAuth API. The OAuth 2.0 specifications recommend passing the API key and secret values as an HTTP Basic Authentication header. Don't have credentials yet? You can request them in the top right of this portal under the button "Get API keys".

Your API key and secret need to be base64 encoded before you can send them in the header.

In pseudo-code:
result = Base64Encode(concat('ns4fQc14Zg4hKFCNaSzArVuwszX95X', ':','ZIjFyTsNgQNyxI'))

In this example, ns4fQc14Zg4hKFCNaSzArVuwszX95X is the API key and ZIjFyTsNgQNyxI is the secret.

The result being: bnM0ZlFjMTRaZzRoS0ZDTmFTekFyVnV3c3pYOTVYOlpJakZ5VHNOZ1FOeXhJ

Headers

  • Name: Content-Type
    Type: application/x-www-form-urlencoded
    Tag(s): Mandatory
    Description: Content type and encoding of the request.

  • Name: Authorization
    Type: Basic
    Tag(s): Mandatory
    Description: Basic authorisation token.

Request body

  • Name: data-urlencode
    Type: grant_type=client_credentials
    Tag(s): Mandatory
    Description: We only support the grant_type: client_credentials.

Response body

On a successful request, you will receive an access_token as well as 'expires_in', which indicates after how many seconds the token expires. At SurePay we do not work with refresh_tokens, so you cannot refresh this token. It is advised to make another API call with basic authentication to fetch a new access_token when this one expires.

Request Curl example

curl --location --request POST '<hostValueWillBeSharedBySurePay>/oauth/client_credential/accesstoken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <your basic token>' \
--data-urlencode 'grant_type=client_credentials'

Response example

{
    "access_token": "<your bearer token>",
    "expires_in": "3599",
    "token_type": "BearerToken"
}

In the curl request example, replace <hostValueWillBeSharedBySurePay> with the URL provided via MSafe by SurePay, and replace <your basic token> with your own base64 encoded API key and secret.
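
The flow described on this page, sketched in Python as an added example (not SurePay's own code): it builds the Basic header, requests a token, and makes a new basic-authentication call shortly before expires_in elapses, since there is no refresh token. The TokenCache class, the 60-second skew, the injectable post and clock parameters, and the HTTPS-only check are assumptions of this example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth/client_credential/accesstoken"  # path from this page


def basic_header(api_key: str, secret: str) -> str:
    """Base64-encode 'key:secret' for the Authorization header."""
    raw = f"{api_key}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers, body):
    """Default transport: POST via the standard library, JSON reply as dict."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenCache:
    """Hypothetical helper: caches the access token and re-authenticates
    with Basic auth before it expires (no refresh token is issued)."""

    def __init__(self, host, api_key, secret, post=http_post,
                 clock=time.monotonic, skew=60):
        # Assumption of this example: Base64 is an encoding, not encryption,
        # so the key and secret are only sent over TLS.
        if not host.startswith("https://"):
            raise ValueError("token endpoint must use https://")
        self._url = host.rstrip("/") + TOKEN_PATH
        self._auth = basic_header(api_key, secret)
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self) -> str:
        """Return a valid access token, fetching a new one when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            headers = {"Content-Type": "application/x-www-form-urlencoded",
                       "Authorization": self._auth}
            body = urllib.parse.urlencode(
                {"grant_type": "client_credentials"}).encode("ascii")
            reply = self._post(self._url, headers, body)
            # expires_in is a string ("3599") in the response example
            lifetime = int(reply["expires_in"])
            self._token = reply["access_token"]
            self._expires_at = self._clock() + max(lifetime - self._skew, 0)
        return self._token
```

Keep the API key and secret out of source control and logs; anyone who captures the Basic header can decode both values.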