To make payments, get statements, or access account lists, the API consumer must have explicit permission from a ConnectPay Person, allowing access to certain data. These APIs are protected using OAuth Access Tokens.
OAuth 2.0 Security
ConnectPay APIs utilize the OAuth 2.0 model, specifically the Client Credential Grant Flow. This ensures secure access to your data. Here’s how it works:
- Access Tokens: Add the Access Token as a Bearer type to the Authorization header when accessing these APIs:
  - Authorization: Bearer brQ7FzFtwraVgut3Iv4ENQax5ea95r
- Token Validity: The Access Token is valid for 1 hour. The Refresh Token is valid for 30 days.
- Token Generation: Use the Generate Access Token API to obtain a pair of Access and Refresh Tokens. Using the Refresh Token refreshes both tokens.
- Token Revocation: Tokens can be revoked using the Revoke Token API.
Integration
- DevApp Creation: Ensure you have a registered DevApp to use the APIs.
- API Access: Follow the steps below to generate and manage your tokens securely.
Token generation
- Use the Generate Access Token API to obtain an Access Token and a Refresh Token.
- Include the Access Token as a Bearer token in the Authorization header for API requests:
  - Authorization: Bearer brQ7FzFtwraVgut3Iv4ENQax5ea95r
Token maintenance
- Access Token: This token is valid for 1 hour. Use it for API requests within this period.
- Refresh Token: This token is valid for 30 days. Use it to obtain a new Access Token and Refresh Token before the current Access Token expires.
- Token Refresh: Regularly refresh tokens using the Refresh Token to ensure uninterrupted API access.
- Token Revocation: Revoke tokens when they are no longer needed using the Revoke Token API.
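The token maintenance steps above can be handled by a small client-side manager; this is an added example, not ConnectPay code. `generate_fn` and `refresh_fn` are hypothetical wrappers around the Generate Access Token API, and validity is assumed to count from the moment the pair is received.

```python
import time
from dataclasses import dataclass, field

ACCESS_TTL = 60 * 60             # Access Token: 1 hour (from the page)
REFRESH_TTL = 30 * 24 * 60 * 60  # Refresh Token: 30 days (from the page)


@dataclass
class TokenPair:
    # repr=False keeps token values out of logs and tracebacks.
    access_token: str = field(repr=False)
    refresh_token: str = field(repr=False)
    issued_at: float = 0.0  # assumption: validity counts from local receipt


class TokenManager:
    """Tracks one Access/Refresh pair and renews it before expiry.

    generate_fn() and refresh_fn(refresh_token) are hypothetical wrappers
    around the Generate Access Token API; each returns (access, refresh).
    """

    def __init__(self, generate_fn, refresh_fn, clock=time.time, skew=60):
        self._generate, self._refresh = generate_fn, refresh_fn
        self._clock, self._skew = clock, skew  # skew: renew this many seconds early
        self._pair = None

    def _store(self, tokens):
        # A refresh returns a new pair: store both together so the next
        # refresh uses the newest Refresh Token.
        access, refresh = tokens
        self._pair = TokenPair(access, refresh, self._clock())

    def auth_header(self):
        now, pair = self._clock(), self._pair
        if pair is None or now >= pair.issued_at + REFRESH_TTL - self._skew:
            # No usable Refresh Token: request a fresh pair.
            self._store(self._generate())
        elif now >= pair.issued_at + ACCESS_TTL - self._skew:
            # Access Token about to expire: use the Refresh Token.
            self._store(self._refresh(pair.refresh_token))
        return {"Authorization": f"Bearer {self._pair.access_token}"}
```

Call `auth_header()` immediately before each API request so a renewed Access Token is picked up automatically.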
For more detailed instructions, refer to the product-related documentation.