Page Comparison

...

Online API Endpoints

POST /oauth/token

Code Block
https://onlineapi.flexiti.fi/flexiti/online-api/oauth/token

This service Authenticates the developer user and provides a Bearer Token that needs to be used as part of every future request.

The auth token is active for 20 minutes and the refresh token is used to get a new access token when the current one is about to expire. It cannot be refreshed after it is expired. You can follow the guide here on how to implement the refresh token: https://flexiti.atlassian.net/l/c/UxFd6Vg5

To use it add the refresh token (provided in the original /oauth/token call) and change the grant_type to refresh_token.

Request Parameters:

...

Type

...

Parameter

...

Required

...

Details

...

Body

...

grant_type

...

Yes

...

Body

...

client_id

...

Yes

...

Body

...

client_secret

...

Yes

...

Body

...

username

...

No

...

Body

...

password

...

No

...

Header

...

Authorization

...

No

...

Response Parameters:

...

Type

...

Parameter

...

Details

...

String

...

access_token

...

String

...

token_type

...

Integer

...

expires_in

...

refresh_token

...

scope

...

Example Response:

{

"access_token": "e1f7258ee83a9b9ab0df88c72da5d12e5bcb190d",

"token_type": "Bearer",

"expires_in": 1199,

"refresh_token": "3a9c2cc9098c172fd757e903e2e34b8e137c29e6",

"scope": "merchant"

}

...

NOTE: The API request must be passed in the x-www-form-urlencoded format, or you will receive an error.

Request Parameters:

Type	Parameter	Required	Details
FORMDATA/BODY	client_id	Yes	ASCII string (100) This is the Client ID given in the Developer User Account section
FORMDATA/BODY	client_secret	Yes	ASCII string (100) This is the Client Secret given in the Developer User Account section
HEADER	x-reference-id	Yes	ASCII string (32) GUID Unique identifier for the flow for traceability purposes
FORMDATA/BODY	grant_type	No	ASCII string This is the client's access type possible values: 'password', 'refresh_token', 'client_credentials' default value: 'client_credentials'
FORMDATA/BODY	refresh_token	Yes - If grant_type = “refresh_token”	ASCII string only to be used with the grant_type: refresh_token. It should be the refresh_token attribute in the last response of this method.
FORMDATA/BODY	scope	No	ASCII string Available values: ‘customer', 'merchant’ Default value: merchant

Example Request:

...

Response Parameters:

Type	Parameter	Details
BODY	access_token	Bearer token to be used in subsequent calls
BODY	expires_in	Time, in seconds, that the token will last
BODY	refresh_token	Token to be used to refresh the access_token

Success Response:

Code Block
{ "token_type": "bearer", "access_token": "2d8f373a3c2b1e61baf5a7769930ff4f0e08cdb0", "expires_in": 1200, "refresh_token": "36e0fc3d7415145f4b1d71512c459fd6eaa13aa8", "scope": "merchant" }

POST /online/v2/client-id/{clientId}/systems/init

...

Code Block
https://onlineapi.flexiti.fi/flexiti/online-api/online/

...

client-id/{

...

{client_id}}/systems/init

This endpoint will return the Flexiti payment gateway, allowing customers to checkoutOnline Flow as a Redirect URL, which can be hosted in a Modal (Preferred presentation method).

Request Parameters:

Type

Parameter

Required

Details

Header

HEADER

Authorization

authorization

Yes

Path

clientId

Yes

Body

merchant_orderid

string

is_guest

True, False

customer_id

string

vcc

Yes for existing cardholders

string

has_previous_purchase

True, False

lang

En-CA, en-FR

flow

Apply, Buy

salutation

Mr, Mrs, Ms

amount_requested

string

email

string

phone_number

string

fname

string

mname

string

lname

string

dob

string

address_1

string

address_2

No

string

city

string

province

ON, AB, QC,

postal_code

string

show_close_button

string

billing_information

"billing_information": {

"first_name": "string",

"last_name": "string",

"address_1": "string",

"address_2": "string",

"city": "string",

"postal_code": "string",

"province": "string"

shipping_information"

"shipping_information": {

"address_1": "string",

"address_2": "string",

"city": "string",

"postal_code": "string",

"province": "string"

Yes	ASCII string (40) This is the word “Bearer” with a space and then the access_token given in oauth/token API response Default value: Bearer {insert_bearer_token_from_oauth_here/token_api}
HEADER	x-reference-id	Yes	ASCII string (32) GUID Unique identifier for the flow for traceability purposes
PATH	client_id	Yes	ASCII string (100) This is the Client ID given in the Developer User Account section
BODY	merchant_orderid	Optional	ASCII String Optional field provided by the merchant (Typically the order ID in the Merchant Shopping Cart). This value can be used to request information from Flexiti regarding the transaction in the GET /notifications/merchant-order-id/{merchant-order-id} endpoint.
BODY	is_guest	Optional	Boolean Identifies if the current shopping cart user is running a guest session. Is useful to identify the application risk Default value: false
	customer_id	Optional - Required for Buy & Apply/Buy Flow if VCC is not provided	ASCII string (20) Value helps in identifying customer if their customer-id is already known (i.e. Merchant can save a customer’s Flexiti customer-id to be associated with their merchant profile). This makes it easier for the Flexiti Online flow to identify the customer account, taking them directly to checkout.
	vcc	Optional - Required for Buy & Apply/Buy Flow if customer_id is not provided	ASCII string (16) The FlexitiCard Number (VCC) of the Customer. If provided, takes the customer directly to the checkout flow.
	has_previous_purchase	Optional	Boolean Help identify if the current shopping cart user has previously purchased using your

Success Response:

{

"online_order_id": 0,

...

Versions Compared

Old Version 2

New Version 3

Key

Online API Endpoints

POST /oauth/token

POST /online/v2/client-id/{clientId}/systems/init