Guest Website Redirect Flow

To authenticate a guest using their Paytronix account information

[Figure: SSO flow diagram (sso_flow.png)]
  1. User navigates to integrator’s website (e.g. https://www.myawesomewebsite.com/login)

  2. User clicks the login button and is redirected to Paytronix’s guest website, passing in the following GET parameters:
    • “state” optional - An opaque value that should be used by the client to maintain state between the request and callback. See OAuth 2.0 IETF RFC6749 for more information.
    • “redirect_uri” required - An allow-listed Uniform Resource Identifier (URI) to which the guest may be redirected after an authorization grant is issued (must be provided to Paytronix before integrating)
    • “client_id” required - A Paytronix-issued ID for which the authorization grant is issued
    • “scope” optional - A space separated sequence of values representing the requested access scope. Values are ‘account_read’, ‘account_write’, ‘user_read’, ‘user_write’
    • “response_type” required - Must be ‘code’

    e.g. https://myawesomesite.myguestaccount.com/guest/accountlogin?response_type=code&client_id=awesomesite&redirect_uri=https%3A%2F%2Fwww.myawesomewebsite.com%2Flogin

  3. On successfully logging in, an authorization grant will be issued for the client_id and the guest will be redirected to the URI passed in. Note: This grant will expire 5 minutes after being generated.

    e.g. https://myawesomesite/login?code=APA91bFdV3CWmJpMors50gWwQqtmmwxYKpyy1&expires_in=300

  4. The client should then make a requestGuestToken call to Paytronix to obtain an access and refresh token pair.

    1. If the result is a success, Paytronix will return the guest’s username, an access token and a refresh token. The access token may then be used to authenticate functionality such as account balance and user information.
    2. If the result is a failure, an error should be provided to the guest. Paytronix will include additional information regarding why the message failed.

    See Grant By Authorization Grant for more information.
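
The client side of steps 2 and 3, as an added example that is not Paytronix's own code: it builds the redirect with a per-login random “state” and rejects any callback whose “state” does not match the one stored in the guest's session. It assumes Paytronix echoes “state” back on the callback as RFC 6749 describes; the function names are hypothetical, and the requestGuestToken call of step 4 is not shown.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Scope values listed in step 2 of this page.
ALLOWED_SCOPES = {"account_read", "account_write", "user_read", "user_write"}


def build_login_redirect(login_url, client_id, redirect_uri, scopes=()):
    """Step 2: return (url, state). Keep state in the guest's server-side session."""
    unknown = set(scopes) - ALLOWED_SCOPES
    if unknown:
        raise ValueError(f"unsupported scope(s): {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "response_type": "code",       # must be 'code'
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # the URI allow-listed with Paytronix
        "state": state,
    }
    if scopes:
        params["scope"] = " ".join(scopes)  # space-separated sequence
    return f"{login_url}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Step 3: validate the redirect and return (code, expires_in)."""
    query = parse_qs(urlsplit(callback_url).query)
    # Reject duplicated parameters instead of silently picking one of them.
    if any(len(values) != 1 for values in query.values()):
        raise ValueError("duplicated query parameter")
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback was not
    # triggered by this session's login attempt.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # The page states the grant expires 5 minutes (300 s) after generation.
    expires_in = int(query.get("expires_in", ["300"])[0])
    return code, expires_in
```

Discard the stored state after one use, and exchange the code promptly since the grant is short-lived.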