Authentication Using Identity API

Ezypay API's uses the OAuth 2.0 protocol to authenticate and to authorise external API calls.
Click here on the summary of restful API calls and Oauth 2 authentication that we use at Ezypay.

📘

NOTE

A refresh token is required every hour. It is recommended that the token is refreshed within the hour (E.g. refresh token at 55 minutes)

The credentials that are provided to you are broken up to 2 sections:

Partner/Integrator use onlyMerchant use (Unique for each merchant)
• Client Id
• Client Secret
• Scope
• Username
• Password

As an integrator, you will be provided with a Client Id and Client Secret to use for all merchants. These are unique and need to be stored securely.

Each of the merchants on-boarded by Ezypay will received their own “username”, “password” and “merchant Id” – This is the merchants authentications details and is sent to merchants when they sign up to Ezypay.

The partner platform needs the ability for the merchant to enter their Username, password, and merchant ID.

📘

NOTE

Merchant credentials provided during the merchant on-boarding process will not include the Integrator client Id and the client secret.

Examples on Using Identity API

When getting an access token, you will need to set the scope to:
"integrator billing_profile"
"create_payment_method"
"offline_access"
The changes required are summarised in the table below:

EndpointAccess ForRequest Params
identity.ezypay.com/tokenAll Ezypay APIs
except
Hosted Page APIs
grant_type=password
client_id=abc
client_secret=xyz
username=myuser
password=mypass
scope=integrator billing_profile create_payment_method offline_access

Below is an example of making an API call:

  • To obtain an access token:
https://identity.ezypay.com/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'cache-control: no-cache' \
  -d 'grant_type=password&client_id=abc&client_secret=xyz&username=myuser&password=mypassscope=integrator%20billing_profile%20create_payment_method%20offline_access'
  • An example response:
{
  "access_token": "ez123-example-tk.",
  "refresh_token": "ez789-example-rfsh",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "integrator billing_profile create_payment_method offline_access"
}

Then use the resulting token to make an API call, e.g. retrieving a customer with id customer-id-123:

https://api-global.ezypay.com/v2/billing/customers/customer-id-123 \
  -H 'Authorization: Bearer ez123-example-tk.' \
  -H 'merchant: Merchant'