The Ezypay APIs use bearer tokens for authorization. To get your token for the first time, make a request to our Get Access Token endpoint:
curl -X POST \
https://identity-sandbox.ezypay.com/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&username={username}&password={password}&client_id={client_id}&client_secret={client_secret}&scope=integrator%20billing_profile%20create_payment_method%20offline_access'
The client_id and client_secret are given to the partner / integrator once integration is completed.
The merchant username and password are sent to merchants via a Welcome Email. To use your token, include it in the header of your requests:
-H "Authorization: Bearer {access_token}"
For security reasons, tokens expire in an hour. To refresh a token, call our Refresh Token endpoint:
When getting an access token, you will need to set the scope to:
"integrator billing_profile"
"create_payment_method"
"offline_access"
scope=integrator billing_profile create_payment_method offline_access
The changes required are summarised in the table below:
curl -X POST \
https://identity-sandbox.ezypay.com/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id={clientId}&client_secret={clientSecret}&refresh_token={refreshToken}'
Important Note:
If the refresh token option is used, Integrator and merchant must be aware that the refresh token will be automatically disabled if it was not used for 7 days. A preferred option is to re-create a new Authentication Token once the Authentication Token has expired after an hour.
All requests must be sent over HTTPS.
If no token is provided, or an invalid one is provided, an Authentication Error is returned. That error should be in the following format:
{
"type": "authentication_error",
"code": 400,
"message": "400 - {\"error\":\"invalid_grant\",\"error_description\":\"The credentials provided were invalid.\"}"
}
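The token lifecycle described above (one-hour access tokens, a refresh token that is disabled after 7 unused days, HTTPS only, and the authentication error format) can be handled in one place. This is an added example, not Ezypay code: `TokenManager`, `parse_auth_error`, the caller-supplied `post(url, form_body)` transport, the 60-second renewal margin and the RFC 6749 response field names `access_token` and `refresh_token` are assumptions.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://identity-sandbox.ezypay.com/token"  # sandbox URL from the page
SCOPE = "integrator billing_profile create_payment_method offline_access"
ACCESS_TTL = 3600             # page: access tokens expire in an hour
REFRESH_IDLE = 7 * 24 * 3600  # page: refresh token disabled after 7 days unused
SKEW = 60                     # assumption: renew one minute before expiry

def parse_auth_error(body):
    """Return (code, oauth_error) from the page's authentication_error format."""
    _, _, nested = body["message"].partition(" - ")
    try:
        return body["code"], json.loads(nested).get("error", "unknown")
    except ValueError:  # message did not carry the nested JSON document
        return body["code"], "unknown"

class TokenManager:
    """post(url, form_body) -> dict is a hypothetical transport supplied by the caller."""
    def __init__(self, creds, post, now=time.time, url=TOKEN_URL):
        if urlsplit(url).scheme != "https":  # page: all requests go over HTTPS
            raise ValueError("token endpoint must use https")
        self.creds, self.post, self.now, self.url = creds, post, now, url
        self.access = self.refresh = None
        self.access_at = self.refresh_used_at = 0.0

    def _grant(self, grant_type, **extra):
        form = {"grant_type": grant_type, "client_id": self.creds["client_id"],
                "client_secret": self.creds["client_secret"], **extra}
        body = self.post(self.url, urlencode(form))
        if body.get("type") == "authentication_error":
            raise PermissionError(parse_auth_error(body))
        # Assumption: the success response uses RFC 6749 field names.
        self.access, self.access_at = body["access_token"], self.now()
        self.refresh = body.get("refresh_token", self.refresh)
        self.refresh_used_at = self.now()

    def bearer_header(self):
        t = self.now()
        if not self.access or t - self.access_at >= ACCESS_TTL - SKEW:
            usable = self.refresh and t - self.refresh_used_at < REFRESH_IDLE
            try:
                if not usable:
                    raise PermissionError("no usable refresh token")
                self._grant("refresh_token", refresh_token=self.refresh)
            except PermissionError:  # idle-expired or rejected: re-create the token
                self._grant("password", username=self.creds["username"],
                            password=self.creds["password"], scope=SCOPE)
        return {"Authorization": f"Bearer {self.access}"}
```

Keep the credentials dictionary and both tokens out of logs and error reports; the `PermissionError` raised here carries only the status code and the OAuth error name.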