Authentication with OAuth 2.0

Most API calls require authentication. The secuconnect API uses the OAuth 2.0 protocol for this purpose. The OAuth service checks your credentials, and hands an access token over to you. It grants you access to the API for a limited period of time. The client must pass this token with all subsequent API calls.

The endpoint for OAuth authorization is POST / oauth/token.

POST /oauth/token HTTP/1.1
Content-Type: application/json
Accept: application/json
"grant_type": "client_credentials",
"client_id": "09ae83af7c37121b2de929b211bad944",
"client_secret": "9c5f250b69f6436cb38fd780349bc00810d8d5051d3dcf821e428f65a32724bd"

Successful response:

HTTP/1.1 200 OK
Content-Type: application/json
"access_token": "qb56tjj1bcvo9n2nj4u38k84lo",
"expires_in": 1200,
"token_type": "bearer",
"scope": ""

You need to pass the received token (line 6) in an Authorization: Bearer header in your subsequent calls. The returned OAuth token (line 6) is valid for as many seconds as signalized in the expires_in field (line 8).

Example Request
GET /api/v2/General/Merchants/me HTTP/1.1
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json

Usually, one doesn't need to use HTTP directly. The corresponding example using the secuconnect PHP SDK:

Example PHP
use \Secuconnect\Client\Configuration;
use \Secuconnect\Client\Authenticator;
use \Secuconnect\Client\OauthCredentials;
// Optionally you can configure a PSR-6 compliant cache
// Create an authenticator object with OAuth authentication and obtains token
$auth = new Authenticator(OauthClientCredentials::from($clientId, $clientSecret));
$accessToken = $auth->getToken();
// Saves the token to the default client configuration

We provide SDKs for PHP, Java, NodeJS, and .NET free of charge.