API Authentication Styles

Anonymous authentication

Some endpoints do not required additional authentication, however they might still be rejected for security reasons if the particular type of request has been disabled for the merchant or program. An HTTP Basic authorization header containing client_id:client_secret that’s been Base64 encoded is required. See the wikipedia entry on HTTP basic authentication. No additional parameters are required for anonymous authentication.

AnonymousAuthentication
JSON Parameters:
 
  • authentication (String) – (required) anonymous

Guest email authentication

To authenticate using a registered guest’s email address and card template code, use the email authentication method.

GuestEmailAuthentication
JSON Parameters:
 
  • authentication (String) – (required) email
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • email (String) – (required) The guest’s email address that is associated with a Paytronix account.
  • cardTemplateCode (Integer) – (required) The card template of the guest’s Paytronix account.

B2B authentication

For server to server integrations as a partner of Paytronix (i.e. not a mobile app or similar) use the b2b authentication method, providing the username and password assigned by Paytronix client services.

B2BAuthentication
JSON Parameters:
 

OAuth authentication

Once an access token has been negotiated with Paytronix for a guest, use the oauth authentication method to use the access token when accessing endpoints.

See OAuth authentication and OAuth Service.

OAuthAuthentication
JSON Parameters:
 
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • access_token (String) – (required) OAuth access token received from the OAuth service.
  • client_id (String) – (required unless given in ``Authorization`` header) OAuth client identifier, sometimes called an integration identifier. If using both B2B and OAuth, usually the client_id is the same as the B2B username.
  • client_secret (String) – (required unless given in ``Authorization`` header) OAuth client secret password. If using both B2B and OAuth, usually the client_id is the same as the B2B password. Note: client_secret cannot be used in GET requests, instead use the Authorization header.
  • Authorization (String) –

    (required) A HTTP Basic authorization header containing client_id:client_secret that’s been Base64 encoded. See the wikipedia entry on HTTP basic authentication. Using the Authorization header is preferable to client_id and client_secret, as it works for GET, DELETE, POST, and PUT requests equivalently.

Store authentication

To authenticate through a PXC from a store, use the store authentication method.

StoreAuthentication
JSON Parameters:
 
  • authentication (String) – (required) store
  • merchantId (Integer) – (required) Paytronix-assigned identifier for the merchant.
  • storeCode (String) – (required) The store’s code that uniquely identifies it for a merchant.
  • agentName (String) – (required) The name of the agent associated with the store.