Versions Compared

Version Old Version 31 New Version 32
Changes made by

PC (Unlicensed)

PC (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In order to use it add the refresh token (provided in the original /oauth/token call) and change the grant_type to refresh_token.

Scope Parameter Usage

For the token endpoint there are two possible scopes: merchant or customer.

  • A token with a merchant scope will be allowed for all endpoints

  • A token with a customer scope will be allowed in all endpoints required by customer facing UI, other endpoints will considered this token invalid.

The endpoints that should be called using a customer scope should be:

  • POST /client-id/{client_id}/merchants/login

  • POST /client-id/{client_id}widget/init

  • POST /client-id/{client_id}/apply

  • GET /client-id/{client_id}/terms-and-conditions

  • POST /client-id/{client_id}/information

  • POST /client-id/{client_id}/accounts/:account_number/calculate-interest

  • POST /client-id/{client_id}/authorization

Request Parameters:

Type

Parameter

RequiredDetails

Details

FORMDATA

client_id

Yes

  • ASCII string (100)

  • This is the Client ID given in the Developer User Account section

FORMDATA

client_idsecret

Yes

  • ASCII string (100)

  • This is the Client ID Secret given in the Developer User Account section

FORMDATA

client_secret

Yes

  • ASCII string (100)

  • This is the Client Secret given in the Developer User Account section

BODY

grant_type

  • ASCII string

  • This is the client's access type

  • possible values: 'password', 'refresh_token', 'client_credentials'

  • default value: 'client_credentials'

BODY

grant_type


  • ASCII string

  • This is the client's access type

  • possible values: 'password', 'refresh_token', 'client_credentials'

  • default value: 'client_credentials'

BODY

refresh_token

  • ASCII string

  • only to be used with the grant_type: refresh_token.

  • It should be the refresh_token attribute in the last response of this method.

BODY

scope

  • ASCII string

  • Available values: ‘customer', 'merchant’

  • Default value: merchant

Example Request:

Code Block
languagejson
{
    "client_id": "flexitidemo",
    "client_secret": "77fde15a-9d33-4e15-930a-76e4b3ae33e9",
    "grant_type": "client_credentials",
    "scope": "merchant"
}

Response Parameters:

Type

Parameter

Required

Details

BODY

access_token

Yes

  • Bearer token to be used in subsequent calls

BODY

expires_in

Yes

  • Time, in seconds, that the token will last

BODY

refresh_token

Yes

  • Token to be used to refresh the access_token

...