OBO Token Migration

Starting July 6th, 2016, Secure Payments (formerly PCI Wallet) will use two authentication mechanisms: regular tokens and on behalf of tokens (OBO tokens).

The purpose of this document is to understand the differences between the two, and how to adjust your existing integration with Secure Payments to use the OBO token where appropriate.

Regular tokens are used to authenticate all requests except creating and editing Credit Cards and/or Checking Accounts. Conversely, OBO tokens are used exclusively for creating and editing Credit Cards and/or Checking Accounts. Because OBO tokens are exclusive to Credit Card and Checking Account operations, they are only used through the JavaScript library.

Assuming you already have a token and secret for your Secure Payments account, requesting an OBO token is very straightforward:

curl -X POST --header 'Content-Type: application/json' --header
'Accept: application/json' --header 'secret: your-secret' --header
'authorization: your-token''https://pciwallet.simnang.com/api/users/obo-token'

On success, the response will be:

"token": "your-obo-token"

Previously, the JavaScript library used the regular token and secret to authenticate requests. This is no longer the case. As a result, the easypay.core.set-credentials function has changed to accommodate the new OBO token.

Change this:

easypay.core.set-credentials({token: "your-token", secret: "your-secret"})

To this:

easypay.core.set-credentials({token: "your-obo-token"})

The above sets your OBO token for the current instance of the Secure Payments JavaScript library. Once credentials are set, they are good until the library is reloaded. Depending on your application, this may be on each page refresh, user login, or never for some single-page applications.

How did we do?

Powered by HelpDocs (opens in a new tab)