To make payments, get statements or account lists, API consumer must have explicit ConnectPay Person’s permission, allowing access to certain data.
Such APIs are protected using OAuth Access Tokens. Add Access Token as a Bearer type to the Authorization header when accessing these APIs:
Authorization: Bearer brQ7FzFtwraVgut3Iv4ENQax5ea95r
Access Tokens grants specific access rights defined by scopes and they are issued to Person+Customer / DevApp pair using Generate Access Token API. API will respond with pair of Access Token and Refresh Token.
Access Token is valid for 1 hour.
Refresh Token is valid for 30 days.
When Generate Access Token API is used with refresh token it refreshes Access and Refresh tokens.
Tokens can be revoked using Revoke Token API.
This security method is built following Client Credential Grant Flow defined in OAuth 2.0 standard.