API Authentication Styles

Anonymous authentication

Some endpoints do not require additional authentication; however, requests might still be rejected for security reasons if the particular type of request has been disabled for the merchant or program. No additional parameters beyond the type of authentication being used are required for anonymous authentication.

AnonymousAuthentication
JSON Parameters:
 
  • authentication (String) – (required) anonymous

Guest card authentication

To authenticate using a guest’s card number and registration code, use the card authentication method. Merchants or programs that do not have a registration code must use another authentication method, such as OAuth authentication.

GuestCardAuthentication
JSON Parameters:
 
  • authentication (String) – (required) card
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • printedCardNumber (String) – (required) Unique card number, usually 16 digits or more and printed on the back of the plastic card.
  • registrationCode (String) – (required) Registration code printed on the plastic card, or generated automatically with a virtual card. Usually 6 digits.

Guest user authentication

To authenticate using a registered guest’s username and password, use the guest authentication method. Guests that are not registered with the Paytronix system must use another authentication method such as OAuth authentication.

Warning

This authentication style should NOT be used with GET requests, as the query string is often logged and therefore would have the guest’s password in the clear.

GuestUserAuthentication
JSON Parameters:
 
  • authentication (String) – (required) guest
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • username (String) – (required) The guest’s registered Paytronix username.
  • password (String) – (required) The guest’s registered password.

Guest email authentication

To authenticate using a registered guest’s email address and card template code, use the email authentication method.

GuestEmailAuthentication
JSON Parameters:
 
  • authentication (String) – (required) email
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • email (String) – (required) The guest’s email address that is associated with a Paytronix account.
  • cardTemplateCode (Integer) – (required) The card template of the guest’s Paytronix account.

B2B authentication

For server-to-server integrations as a partner of Paytronix (i.e. not a mobile app or similar), use the b2b authentication method, providing the username and password assigned by Paytronix client services.

B2BAuthentication
JSON Parameters:
 

OAuth authentication

Once an access token has been negotiated with Paytronix for a guest, use the oauth authentication method to present the access token when accessing endpoints.

See OAuth authentication and OAuth Service.

OAuthAuthentication
JSON Parameters:
 
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • access_token (String) – (required) OAuth access token received from the OAuth service.
  • client_id (String) – (required unless given in Authorization header) OAuth client identifier, sometimes called an integration identifier. If using both B2B and OAuth, usually the client_id is the same as the B2B username.
  • client_secret (String) – (required unless given in Authorization header) OAuth client secret password. If using both B2B and OAuth, usually the client_id is the same as the B2B password. Note: client_secret cannot be used in GET requests; use the Authorization header instead.
  • Authorization (String) – (required) An HTTP Basic authorization header containing client_id:client_secret that has been Base64 encoded. See the Wikipedia entry on HTTP basic authentication. Using the Authorization header is preferable to client_id and client_secret, as it works for GET, DELETE, POST, and PUT requests equivalently.
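
The following is an added example, not Paytronix code: a client-side helper that applies both the GET warning under guest user authentication and the Authorization header guidance above. The function names, the placeholder URL and the sample values are constructed for illustration, and it assumes GET requests carry parameters in the query string while other methods carry them as a JSON body.

```python
import base64
import json
from urllib.parse import urlencode

# Parameters the page says must not be sent with GET requests.
SECRET_FIELDS = {"password", "client_secret"}


def basic_header(client_id, client_secret):
    """Build the HTTP Basic value: Base64 of client_id:client_secret."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def prepare(method, url, params):
    """Return (url, headers, body) with secrets kept out of the URL.

    Assumption: GET sends parameters in the query string and other
    methods send them as a JSON body.
    """
    params = dict(params)  # do not mutate the caller's dict
    headers = {}
    # Move OAuth client credentials into the Authorization header, which
    # works the same way for GET, DELETE, POST and PUT.
    if "client_id" in params and "client_secret" in params:
        headers["Authorization"] = basic_header(
            params.pop("client_id"), params.pop("client_secret"))
    if method.upper() == "GET":
        exposed = sorted(SECRET_FIELDS & params.keys())
        if exposed:
            # Query strings are often logged; refuse rather than leak.
            raise ValueError(f"{exposed} must not be sent in a GET query string")
        return f"{url}?{urlencode(params)}", headers, None
    headers["Content-Type"] = "application/json"
    return url, headers, json.dumps(params)


if __name__ == "__main__":
    # Constructed sample values; the URL is a placeholder, not a real endpoint.
    demo = {"merchantId": 0, "access_token": "example-token",
            "client_id": "example-client", "client_secret": "example-secret"}
    print(prepare("GET", "https://api.example.invalid/placeholder", demo))
```
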