...
In order to use it add the refresh token (provided in the original /oauth/token call) and change the grant_type to refresh_token. More information available here: Oauth 2 Authorization Method and Refresh Token
Scope Parameter Usage
For the token endpoint there are two possible scopes: merchant or customer.
...
A token with a customer scope will be allowed in all endpoints required by customer facing UI, other endpoints will considered this token invalid
When to use: for Online channel implementations during the application and authorization flows (outlined below).
A token with a merchant scope will be allowed for all endpoints
When to use: for In-store channel implementations, or Online channel back office processes like capturing an authorization, releasing, refunding/returning, etc.
The endpoints that should be called using a customer scope should be:
...
This endpoint will return information for application form value values and customer facing messaging purposeslike disclaimers
You can retrieve all information or filter for specific messages using a key in the URL
...
The Flexiti widget is used in for the Online channel only, and is for high orchestration scenarios, such as customer verification , using and multiple account selection. It is a UI component as that’s an entry point to the Flexiti credit application and purchase flows.
For full Widget documentation start here - Flexiti Widget - Online Channel - POS API