API Authentication

Integration Identifier and Secret

All API calls to Paytronix require an integration identifier and secret, essentially a username and password for your integration, to be sent as part of the request. These values must be sent with every API call in an HTTP Basic authorization header (formatted as the base64-encoded representation of identifier:secret). See the Wikipedia entry on HTTP basic authentication if you are not familiar with this form of authentication.

The identifier and secret values will be provided by the Paytronix integrations team once the integration process has begun. The integration identifier uniquely identifies a single application, and must not be shared between separate software systems. As these credentials allow the holder to act on behalf of your application, losing control of them would be extremely bad, so please be extremely cautious when handling them. In particular, please do not send the secret value in emails, Slack messages, or the like.

Anonymous authentication

Some endpoints do not require additional authentication; however, requests to them might still be rejected for security reasons if the particular type of request has been disabled for the merchant or program. No additional parameters are required for anonymous authentication.

AnonymousAuthentication
JSON Parameters:
 
  • authentication (String) – (required) anonymous

Guest email authentication

To authenticate using a registered guest’s email address and card template code, use the email authentication method.

GuestEmailAuthentication
JSON Parameters:
 
  • authentication (String) – (required) email
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • email (String) – (required) The guest’s email address that is associated with a Paytronix account.
  • cardTemplateCode (Integer) – (required) The card template of the guest’s Paytronix account.

B2B authentication

For server-to-server integrations as a partner of Paytronix (i.e. not a mobile app or similar), use the b2b authentication method, providing the username and password assigned by Paytronix client services.

B2BAuthentication
JSON Parameters:
 

OAuth authentication

Once an access token has been negotiated with Paytronix for a guest, use the oauth authentication method to present the access token when accessing endpoints.

See OAuth authentication and OAuth Service.

OAuthAuthentication
JSON Parameters:
 
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • access_token (String) – (required) OAuth access token received from the OAuth service.
  • client_id (String) – (required unless given in Authorization header) OAuth client identifier, sometimes called an integration identifier. If using both B2B and OAuth, usually the client_id is the same as the B2B username.
  • client_secret (String) – (required unless given in Authorization header) OAuth client secret password. If using both B2B and OAuth, usually the client_id is the same as the B2B password. Note: client_secret cannot be used in GET requests, instead use the Authorization header.
  • Authorization (String) – (required) An HTTP Basic authorization header containing client_id:client_secret that has been Base64-encoded. See the Wikipedia entry on HTTP basic authentication. Using the Authorization header is preferable to client_id and client_secret, as it works for GET, DELETE, POST, and PUT requests equivalently.
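
The header construction described under "Integration Identifier and Secret" and the header-only form of the oauth method, as an added example that is not Paytronix code. The environment variable names and sample values are assumptions made for illustration, and the "authentication": "oauth" parameter is inferred from the method name and the other methods' parameter lists.

```python
import base64
import os


def basic_auth_header(identifier, secret):
    """Authorization header value: 'Basic ' + base64(identifier:secret)."""
    # RFC 7617 splits the pair on the first ':', so the identifier may not
    # contain one; the secret may.
    if not identifier or not secret or ":" in identifier:
        raise ValueError("need a non-empty identifier without ':' and a secret")
    pair = f"{identifier}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def load_credentials(env=None):
    """Read the pair from the environment rather than from source code."""
    env = os.environ if env is None else env
    # Variable names are assumptions made for this example.
    return env["PX_INTEGRATION_ID"], env["PX_INTEGRATION_SECRET"]


def oauth_request_parts(merchant_id, access_token, identifier, secret):
    """Return (headers, params) for the oauth method, secret in the header only."""
    headers = {"Authorization": basic_auth_header(identifier, secret)}
    # client_id and client_secret are left out of params: the page allows
    # that when they are given in the Authorization header, and the header
    # form also works for GET requests.
    params = {
        "authentication": "oauth",  # inferred from the method name
        "merchantId": merchant_id,
        "access_token": access_token,
    }
    return headers, params


def redact(headers):
    """Copy of headers that is safe to write to logs."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"PX_INTEGRATION_ID": "example-app",
                  "PX_INTEGRATION_SECRET": "constructed:secret"}
    ident, secret = load_credentials(sample_env)
    headers, params = oauth_request_parts(1234, "constructed-token", ident, secret)
    print(redact(headers), params)
```

Base64 is an encoding, not encryption: anyone who sees the header can recover the secret, so the header deserves the same handling as the secret itself.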