# Authentication
When you enroll with the OPAC gateway, you receive a client ID and client secret together with your merchant ID.
TIP: The client ID and secret can be generated from your merchant dashboard. The merchant ID is business specific and is provided to you when the business is created.
# Server-to-server
```shell
# Example header
curl https://API_endpoint_here \
  -H "Authorization: Basic <encoded string>"
```
To send a request to any OPAC endpoint from your server, the Authorization header of your HTTPS request must use the Basic authentication scheme.
The "Basic" HTTP authentication scheme is defined in RFC 7617. It transmits credentials as a client ID/secret pair, encoded using base64. For example:
- Build a string of the form <clientID>:<ClientSecret>.
- Base64 encode the string.
- Supply an Authorization header whose content is Basic followed by a space and the encoded string.
# Client to OPAC server
# Retrieve client token
POST: https://api.openacquiring.com/v1/merchants/YOUR_MERCHANT_ID/client_token
Request example
```shell
curl -X POST \
  https://api.openacquiring.com/v1/merchants/<merchantID>/client_token \
  -H 'authorization: Basic ODZidWQ0Y2JremlxOXZmYzoweHI1ZDkwOHo2bmo4a2h6' \
  -H 'content-type: application/json' \
  -d 'grant_type=client_credentials'
```
Response example
```json
{
  "accessToken": "<client_token>",
  "tokenType": "Bearer",
  "expiresOn": "2018-11-02T21:33:09Z",
  "issuedOn": "2018-11-01T21:33:09Z"
}
```
Every client-side request must carry a client token. To retrieve one, send your Basic authentication credentials in the Authorization header of the request that retrieves the token.
In exchange for these credentials, the OPAC server issues a client token.
This sample request uses a bearer token to get a payment nonce for a client:
```shell
curl -X POST \
  https://API_endpoint_here \
  -H 'authorization: Bearer <client_token>'
```
Include this bearer token in API requests in the Authorization header with the Bearer authentication scheme.
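
The Basic header steps under Server-to-server and the Bearer header step above can be implemented as follows in Node.js; this is an added example, not OPAC's own code. Base64 is an encoding, not encryption, so both header values must only travel over HTTPS. The function names, the 60-second expiry margin and the sample token value are assumptions made for illustration.

```javascript
// Control characters (C0 range and DEL) are not allowed in RFC 7617 credentials.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Build the Basic header value for server-to-server calls.
function buildBasicAuthHeader(clientId, clientSecret) {
  for (const [name, value] of [['clientId', clientId], ['clientSecret', clientSecret]]) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
    if (CONTROL_CHARS.test(value)) {
      throw new RangeError(`${name} contains a control character`);
    }
  }
  // The first ':' separates ID from secret, so the ID itself cannot contain one.
  if (clientId.includes(':')) {
    throw new RangeError('clientId must not contain ":"');
  }
  const encoded = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
  return `Basic ${encoded}`;
}

// Turn a client_token response into a Bearer header, refusing tokens that
// are malformed or that expire within skewMs (assumed safety margin).
function bearerHeaderFromTokenResponse(response, now = new Date(), skewMs = 60000) {
  const { accessToken, tokenType, expiresOn } = response || {};
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    throw new Error('response has no accessToken');
  }
  if (typeof tokenType !== 'string' || tokenType.toLowerCase() !== 'bearer') {
    throw new Error('unexpected tokenType');
  }
  const expiresAt = Date.parse(expiresOn);
  if (Number.isNaN(expiresAt)) {
    throw new Error('expiresOn is not a valid timestamp');
  }
  if (expiresAt - now.getTime() <= skewMs) {
    throw new Error('client token is expired or about to expire');
  }
  return `Bearer ${accessToken}`;
}

// Constructed sample response, shaped like the response example above.
const sampleResponse = {
  accessToken: 'constructed-token-value',
  tokenType: 'Bearer',
  expiresOn: '2018-11-02T21:33:09Z',
  issuedOn: '2018-11-01T21:33:09Z',
};
```

Load the client ID and secret from your server's secret store or environment rather than from source code, and request a new client token when `bearerHeaderFromTokenResponse` rejects the cached one.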