Most API calls require authentication. The secuconnect API uses the OAuth 2.0 protocol for this purpose. The OAuth service checks your credentials, and hands an access token over to you. It grants you access to the API for a limited period of time. The client must pass this token with all subsequent API calls.
The endpoint for OAuth authentication is POST /oauth/token
.
POST /oauth/token HTTP/1.1
Host: connect-testing.secuconnect.com
Content-Type: application/json
Accept: application/json
{
"grant_type": "client_credentials",
"client_id": "00563697073442633035025909838580",
"client_secret": "3382456441636938321687549172178382320163695870914358804052148567"
}
If everything is fine, it responds with 200 OK
and the token details:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token": "qb56tjj1bcvo9n2nj4u38k84lo",
"expires_in": 1200,
"token_type": "bearer",
"scope": "https://scope.secucard.com/e/api"
}
You need to pass the received token with your subsequent calls, using the Authorization: Bearer
HTTP header. The above token is qb56tjj1bcvo9n2nj4u38k84lo
, and it is valid for the next 1,200 seconds.
GET /api/v2/General/Merchants/me HTTP/1.1
Host: connect-testing.secuconnect.com
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
Usually, one doesn't need to use HTTP directly. We provide SDKs for different programming languages free of charge.