Authentication Using Identity API
Ezypay API's uses the OAuth 2.0 protocol to authenticate and to authorise external API calls.
Click here on the summary of restful API calls and Oauth 2 authentication that we use at Ezypay.
NOTE
A refresh token is required every hour. It is recommended that the token is refreshed within the hour (E.g. refresh token at 55 minutes)
The credentials that are provided to you are broken up to 2 sections:
| Partner/Integrator use only | Merchant use (Unique for each merchant) |
|---|---|
| • Client Id • Client Secret • Scope | • Username • Password |
As an integrator, you will be provided with a Client Id and Client Secret to use for all merchants. These are unique and need to be stored securely.
Each of the merchants on-boarded by Ezypay will received their own “username”, “password” and “merchant Id” – This is the merchants authentications details and is sent to merchants when they sign up to Ezypay.
The partner platform needs the ability for the merchant to enter their Username, password, and merchant ID.
NOTE
Merchant credentials provided during the merchant on-boarding process will not include the Integrator client Id and the client secret.
Examples on Using Identity API
When getting an access token, you will need to set the scope to:
"integrator billing_profile"
"create_payment_method"
"offline_access"
scope=integrator billing_profile create_payment_method offline_access
The changes required are summarised in the table below:
| Endpoint | Access For | Request Params |
|---|---|---|
| identity.ezypay.com/token | All Ezypay APIs except Hosted Page APIs | grant_type=password client_id=abc client_secret=xyz username=myuser password=mypass scope=integrator billing_profile create_payment_method offline_access |
Below is an example of making an API call:
- To obtain an access token:
https://identity.ezypay.com/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'grant_type=password&client_id=abc&client_secret=xyz&username=myuser&password=mypassscope=integrator%20billing_profile%20create_payment_method%20offline_access'
- An example response:
{
"access_token": "ez123-example-tk.",
"refresh_token": "ez789-example-rfsh",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "integrator billing_profile create_payment_method offline_access"
}
Then use the resulting token to make an API call, e.g. retrieving a customer with id customer-id-123:
https://api-global.ezypay.com/v2/billing/customers/customer-id-123 \
-H 'Authorization: Bearer ez123-example-tk.' \
-H 'merchant: Merchant'
Updated 10 months ago