Authentication
Introduction
Regardless of how you choose to implement the UNIPaaS solution, you will need to perform one server-to-server call to initiate your connection with UNIPaaS.
Server to server
When it's used:
- Hosted onboarding link
- Checkout page
- Pay-in API
- Account API
- Payout API
A basic authentication is enforced when performing an API request from your server to UNIPaaS. An authorization bearer header must be sent along with the private_key, provided to you in your portal account settings to access restricted API endpoints.
Example of a checkout create API request:
curl --location --request POST 'https://sandbox.unipaas.com/platform/pay-ins/checkout' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{PRIVATE_KEY}}' \
--data-raw '{
"amount": 10,
"currency": "GBP",
"orderId": "1000456",
"description": "Iphone case",
"email": "[email protected]",
"country": "GB",
"items": [
{
"itemName": "Iphone case",
"itemAmount" : 10,
"vendorId" :"5ee8e655a65f08fcd71fe4d9",
"platformFee" : "15"
}
]
}'
Client to server
When it's used: Onboarding Embedded UI
An OAuth 2.0 authorization is enforced when performing an API request from a client application such as a drop-in UI to UNIPaaS. For a client application to communicate with UNIPaaS without compromising your private_key, an OAuth 2.0 mechanism is used. This means before any API request from a client application; a temporary accessToken must be granted using the authorization API endpoint:
curl --request POST \
--url https://sandbox.unipaas.com/platform/authorize \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{private_key}}' \
--data-raw '{
"vendorId": "5140332a9d0ca8037a72c1812",
"scopes": ["onboarding_write"]
}'
Updated almost 3 years ago