Authentication
This API is used to authorize user or customer using their own credential to access their respected resources.
Step 1: Authorization Link
This API used for authorization (login) process.
Canonical Path
/rest/h2h/authorization/
Method
POST
Query Param
-
Content-Type
application/json
Content
{
“client_id”: <String, not null>,
“client_secret”: <String, not null>,
“response_type”: “code”,
“user_type”: <String, not null>,
“username”: <String, not null>,
“password”: <String, not null>
}
Description
Field
Description
client_id
Public identifier of the client
client_secret
Client Secret Key
response_type
The value "code"specify that an application is requesting authorization code grant
user_type
User type: CUSTOMER or MERCHANT
username
Username for Login (using phone number)
password
Login Password/PIN (must be hashed using MD5 UPPERCASE)
Step 2 : Request Access Token
Using the authorization code from step 1 the client application can request the access token that can be used to access the API.
Canonical Path
/rest/oauth/token
Method
POST
Query Param
-
Content-Type
application/x-www-form-urlencoded
Content
▪client_id=<String>,
▪client_secret=<String>
▪grant_type=authorization_code
▪code=<String> redirect_uri=<String>
Description
Field
Description
client_id
Public identifier of the client
client_secret
Secret key of the client
grant_type
Type of grant: authorization_code
code
Authorization code
redirect_uri
Redirection endpoint where the service redirect user-agent after an authorization code is granted
access_token
User access token as requested
token_type
The type of token: Bearer
expires_in
The lifetime in seconds of the access token
refresh_token
Token that can be used to obtain new access token using the same authorization grant
scope
The scope of the access token
Step 3 : Client Host Authorization
This API is used to authorize the host of client to access client resources. The flow of this process is based on OAuth client credentials to get access token. The access token then can be used to request the respected resource API.
Canonical Path
rest/oauth/token
Method
POST
Query Param
-
Content-Type
application/x-www-form-urlencoded
Content
▪ client_id=<String>
▪ client_secret=<String>
▪ grant_type=client_credentials
Description
Field
Description
client_id
Public identifier of the client
client_secret
Secret key of the client
grant_type
Type of grant: client_credentials
access_token
Host access token as requested
token_type
The type of token: Bearer
expires_in
The lifetime in seconds of the access token
refresh_token
Token that can be used to obtain new access token using the same authorization grant (never expired)
scope
The scope of the access token
Step 4 : Refresh Token
This API is used to refresh access_token before or after access_token expires as long the refresh_token is still valid.
Canonical Path
/rest/oauth/token
Method
POST
Query Param
-
Content-Type
application/x-www-form-urlencoded
Content
▪ client_id=<String>
▪ client_secret=<String>
▪ grant_type=refresh_token
▪ refresh_token=<refresh_token>
▪ redirect_uri=<String>
Description
Field
Description
client_id
Public identifier of the client
client_secret
Secret key of the client
grant_type
Type of grant: refresh_token
access_token
Host access token as requested
token_type
The type of token: Bearer
expires_in
The lifetime in seconds of the access token
refresh_token
Token that can be used to obtain new access token using the same authorization grant (never expired)
scope
The scope of the access token
Last updated