Authentication
Worldline APIs require authentication on all endpoints and methods.
We currently support one authentication scheme:
- Bearer Token (OAuth2 - Client Credentials)
Bearer Token
Bearer tokens are temporary security credentials that can be used to grant 'third parties' (bearers) access to the Worldline API.
These tokens are created by calling the accesstoken endpoint.
Once the token is created, the token field must be sent in the HTTP Authorization header using the Bearer scheme.
Example HTTPS request with a bearer token to the Accept Transactions API
GET /v1.0/acquiring/transaction/acquirers/{acquirerId}/transactions HTTP/1.1
Accept: application/json
Authorization: Bearer fsdfdsfdsfdsfs9857958hjiIsInR5cCI6IkpXVCJ9
| Security Scheme Type | HTTPS |
|---|---|
| HTTP Authorization Scheme | bearer |
| Header parameter name | authorization |
Create Bearer Token - OAuth2 Client Credentials
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.
The OAuth 2.0 client credentials grant flow permits an API (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another API.
Steps to obtain an Access token
Step 1: Construct a Basic Authentication header using the following values shared by the Worldline team.
| Basic field | Example |
|---|---|
| consumerKey | jhfrjh881wtRxgregegegggeg |
| consumerSecret | wfrregergjbD6rNxregregerg |
Step 2: Construct a valid HTTP Basic Authentication header as shown in the following pseudo-code.
const consumerKey = "jhfrjh881wtRxgregegegggeg";
const consumerSecret = "wfrregergjbD6rNxregregerg";
const authnValue = "Basic " + base64Encode(consumerKey + ":" + consumerSecret);
request.setHeader("Authorization", authnValue);
| Security Scheme Type | HTTPS |
|---|---|
| HTTP Authorization Scheme | basic |
| Header parameter name | authorization |
Step 3: Call the OAuth2 client credentials REST endpoint to obtain the access token.
POST oauth/client_credential/accesstoken?grant_type=client_credentials HTTP/1.1
Accept: application/json
Authorization: Basic jfvwrjfbrkfbrkbrglenglengelgnegnejwvfwejhf==
The response contains the bearer access token. Use this token to call the actual resource.
Example POST call response - field access_token
{
  "refresh_token_expires_in": "0",
  "api_product_list": "[coffea]",
  "api_product_list_json": [
    "coffea"
  ],
  "organization_name": "$organization_name",
  "developer.email": "$Developermail",
  "token_type": "BearerToken",
  "issued_at": "1678146804722",
  "client_id": "jhfrjh881wtRxgregegegggeg",
  "access_token": "Knk9uvvoSALfzo3AGDADzGJ0Ayl1",
  "application_name": "4a319510-0793-4332-9627-452ae6a70c1d",
  "scope": "",
  "expires_in": "3599",
  "refresh_count": "0",
  "status": "approved"
}
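The three steps above hand the client a token that expires, so a caller has to track its lifetime and repeat Step 3 in time. The following Node.js sketch is an added example, not Worldline code: it builds the Basic header, validates the response shape shown above (numeric fields arrive as strings) and reports when a fresh token is needed. `BearerTokenCache`, the one-minute refresh margin and the colon check are assumptions of this example.

```javascript
// Added example, not Worldline code. Sample values are copied from this page.
const SAMPLE_RESPONSE = {
  token_type: "BearerToken",
  access_token: "Knk9uvvoSALfzo3AGDADzGJ0Ayl1",
  expires_in: "3599",
};
const REFRESH_MARGIN_MS = 60_000; // assumption: renew one minute before expiry

// Step 2: Basic header value from the consumer key and secret.
function basicAuthHeader(consumerKey, consumerSecret) {
  // A colon in the key would shift the key/secret boundary (RFC 7617).
  if (consumerKey.includes(":")) throw new Error("consumerKey must not contain ':'");
  return "Basic " + Buffer.from(`${consumerKey}:${consumerSecret}`, "utf8").toString("base64");
}

// Validate the Step 3 response. expires_in arrives as a string of seconds.
function parseTokenResponse(body, receivedAtMs) {
  const expiresIn = Number(body.expires_in);
  if (typeof body.access_token !== "string" || body.access_token === "") {
    throw new Error("response has no access_token");
  }
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error("response has an invalid expires_in");
  }
  return { token: body.access_token, expiresAtMs: receivedAtMs + expiresIn * 1000 };
}

// Hypothetical helper: holds one token and reports when a new one is needed.
class BearerTokenCache {
  constructor(now = Date.now) {
    this.now = now; // injectable clock
    this.current = null;
  }
  store(body) {
    this.current = parseTokenResponse(body, this.now());
  }
  // Authorization header value, or null when Step 3 must be repeated first.
  authorizationHeader() {
    const c = this.current;
    if (!c || this.now() >= c.expiresAtMs - REFRESH_MARGIN_MS) return null;
    // token_type is "BearerToken" in the response; the header scheme is "Bearer".
    return "Bearer " + c.token;
  }
}
```

Expiry is measured from the local time the response was received, so the client does not depend on its clock agreeing with the server's `issued_at`.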