Authentication

This API authorizes a user or customer, using their own credentials, to access their respective resources.

It is used for the authorization (login) process.

Canonical Path

/rest/h2h/authorization/

Method

POST

Query Param

-

Content-Type

application/json

Content

{
    "client_id": <String, not null>,
    "client_secret": <String, not null>,
    "response_type": "code",
    "user_type": <String, not null>,
    "username": <String, not null>,
    "password": <String, not null>
}

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Client Secret Key |
| response_type | The value "code" specifies that the application is requesting the authorization code grant |
| user_type | User type: CUSTOMER or MERCHANT |
| username | Username for Login (using phone number) |
| password | Login Password/PIN (must be hashed using MD5 UPPERCASE) |

Step 2 : Request Access Token

Using the authorization code from step 1 the client application can request the access token that can be used to access the API.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=authorization_code

▪ code=<String>

▪ redirect_uri=<String>

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: authorization_code |
| code | Authorization code |
| redirect_uri | Redirection endpoint where the service redirects the user-agent after an authorization code is granted |
| access_token | User access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant |
| scope | The scope of the access token |

Step 3 : Client Host Authorization

This API is used to authorize the client's host to access client resources. The flow is based on the OAuth client credentials grant, which returns an access token. The access token can then be used to request the respective resource API.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=client_credentials

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: client_credentials |
| access_token | Host access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant (never expires) |
| scope | The scope of the access token |

Step 4 : Refresh Token

This API is used to refresh the access_token, before or after it expires, as long as the refresh_token is still valid.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=refresh_token

▪ refresh_token=<refresh_token>

▪ redirect_uri=<String>

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: refresh_token |
| access_token | Host access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant (never expires) |
| scope | The scope of the access token |
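The requests described in the steps above, assembled offline as an added Python example (not the provider's own code): it builds each body with the Content-Type the page gives, applies the MD5 UPPERCASE rule to the password, and masks secrets before logging. The function names, the `redact` helper and the choice to treat every listed field as required are assumptions of this example.

```python
import hashlib
import json
from urllib.parse import urlencode

AUTHORIZE_PATH = "/rest/h2h/authorization/"  # step 1 path, from the page
TOKEN_PATH = "/rest/oauth/token"             # steps 2-4 path, from the page
# Assumption: every field the page lists for a grant is treated as required.
GRANT_FIELDS = {"authorization_code": ("code", "redirect_uri"),
                "client_credentials": (),
                "refresh_token": ("refresh_token", "redirect_uri")}
SENSITIVE = {"client_secret", "password", "code", "refresh_token", "access_token"}


def hash_pin(pin: str) -> str:
    """MD5 hex digest in upper case, the form the password field requires.
    The digest is password-equivalent: whoever holds it can log in."""
    return hashlib.md5(pin.encode("utf-8")).hexdigest().upper()


def authorization_request(client_id, client_secret, user_type, username, pin):
    """Step 1: path, headers and JSON body for the login request."""
    if user_type not in ("CUSTOMER", "MERCHANT"):
        raise ValueError("user_type must be CUSTOMER or MERCHANT")
    if not all((client_id, client_secret, username, pin)):
        raise ValueError("every field of the step 1 body is 'not null'")
    body = {"client_id": client_id, "client_secret": client_secret,
            "response_type": "code", "user_type": user_type,
            "username": username, "password": hash_pin(pin)}
    return AUTHORIZE_PATH, {"Content-Type": "application/json"}, json.dumps(body)


def token_request(client_id, client_secret, grant_type, **extra):
    """Steps 2-4: path, headers and form-encoded body for the token endpoint."""
    if grant_type not in GRANT_FIELDS:
        raise ValueError("grant_type not described on the page: %r" % grant_type)
    missing = [k for k in GRANT_FIELDS[grant_type] if not extra.get(k)]
    if missing:
        raise ValueError("missing field(s): " + ", ".join(missing))
    form = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": grant_type}
    form.update((k, extra[k]) for k in GRANT_FIELDS[grant_type])
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_PATH, headers, urlencode(form)  # urlencode escapes redirect_uri


def redact(fields: dict) -> dict:
    """Hypothetical helper: copy of a request/response dict with secrets masked."""
    return {k: "***" if k in SENSITIVE else v for k, v in fields.items()}
```

Because the server accepts the MD5 digest as the credential, the digest needs the same handling as the PIN itself: send it only over TLS and keep it out of logs, which is what `redact` is for.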
