Generate authCode via Online Banking Portal

General information

Some terminology

  • Person – physical ConnectPay User.
  • Customer – entity that holds accounts. It can be either Personal, either Corporate. Person can belong to several Customers of any type.

OAuth 2.0

ConnectPay APIs are secured using OAuth2.0 model, following Authorization Code Grant flow. Your Customer’s Master Account Represenative (MAR) will have to get temporary authCode viaOnline Banking portal and share it with engineering team. Engineers will have to exchange this authCode to Access Token via secure server-to-server channel (and setup a procedure to maintain it)

To access your data via API, with each request you must present valid Access Token which is associated with Person and Customer. Your data will not be accessible to other Customers.

E.g., You, as a Person X, belong to Customer A and Customer B. You have Access Token issued to Person X and Customer A. With this Token will not be able to access Customers B data.

Getting authCode

Open API tab and press + Generate AuthCode button to start new API access flow.

Select Product. For accessing Online Banking APIs, choose Online Baking API. For accessing Merchant Gateway APIs, choose Merchant API

Carefully read Terms of Use. You have to accept them to access APIs.

Enter API key (a.k.a, ClientId) that you can find in DevApp list, next to DevApp name.

Press Next.

Note: Grant selection screen is only available for Online Banking APIs. For Merchant APIs, jump to #5

Select required grants (OAuth 2.0 scopes):

  • Payments – grant that allows to initiate payments, view payment statuses and details.
  • Pre-Authorized Payments – specific grant that allows to authorize already initiated payments.
  • Accounts – grant that allows to access your account details, like account or transaction lists.
  • Banking as a Service – grant that allows access to BaaS functionality.

By utilizing Payments and Accounts grants, you can automate payment initiation and authorization as this flow does not require human intervention.

Press Next

To generate authCode, you must authorize the procedure. Hence, you will be presented with authorization option (via OTP or Mobile App)

After successful authorization, you will be presented with authCode:

Share with code with engineering team, so they could exchange it to Access Token.
Code will be valid for 24 hours.


DevApp creation

Scroll to Top