Secure Payments API Authentication

General

This article covers authenticating with the Secure Payments (formerly PCI Wallet) API using a POST request. You also have the following authentication options:

Authentication

Secure Payments uses JSON Web Tokens for authentication. In our implementation, two tokens are generated: secret and token. These two tokens represent your account, so keep them private.

All authenticated endpoints expect both the secret and token to be submitted as part of the request headers:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'secret: your-secret' --header 'authorization: your-token' -d '{
"password": "Another-Good-Password-02"
}' 'https://pciwallet.simnang.com/api/users'
  • secret is the secret: header.
  • token is the authorization: header.

Tokens are long lived (90 days) and may be revoked (see POST revoke).

Keep in mind that even when a set of tokens is valid, the request is rejected if the user's password has expired. The two failures return different HTTP status codes:

  • 401 for authentication failed (wrong secret/token)
  • 402 for session or password expired
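
A client-side sketch of the header scheme and status codes described above. This is an added example, not Secure Payments' own code: the function names, the SP_SECRET and SP_TOKEN environment variable names, and the 7-day rotation margin are assumptions, while the URL, header names, 90-day lifetime and 401/402 meanings come from this article.

```python
import json
import os
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

API_USERS_URL = "https://pciwallet.simnang.com/api/users"  # URL from the curl example
TOKEN_LIFETIME = timedelta(days=90)  # token lifetime stated in this article


def build_request(secret, token, body, method="PUT", url=API_USERS_URL):
    """Build a request that carries both tokens in the expected headers."""
    if not secret or not token:
        raise ValueError("both secret and token are required")
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "secret": secret, "authorization": token}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method=method)


def classify_status(status):
    """Tell the two authentication failures apart so callers can react differently."""
    if status == 401:
        return "credentials_rejected"          # wrong secret/token
    if status == 402:
        return "session_or_password_expired"   # tokens may still be valid
    return "ok" if 200 <= status < 300 else "other_error"


def needs_rotation(issued_at, now=None, margin=timedelta(days=7)):
    """True once the tokens are within `margin` (an assumption) of the 90-day lifetime."""
    now = now or datetime.now(timezone.utc)
    return now >= issued_at + TOKEN_LIFETIME - margin


def send(req):
    """Send the request and return (classification, status) without logging headers."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_status(resp.status), resp.status
    except urllib.error.HTTPError as err:
        return classify_status(err.code), err.code


if __name__ == "__main__":
    # Tokens are read from the environment (hypothetical variable names), not hard-coded.
    req = build_request(os.environ["SP_SECRET"], os.environ["SP_TOKEN"],
                        {"password": "Another-Good-Password-02"})
    print(send(req))
```
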

