Secure Payments API Authentication

Updated 8 months ago by Sloan

General

This article covers using a POST request to authenticate using the Secure Payments (formerly PCI Wallet) API. You also have the following authentication options:

• Revoke an existing authentication
• Refresh an authentication token

Authentication

Secure Payments uses JSON Web Tokens for authentication. In our implementation two tokens are generated: secret and  token. These two tokens represent your account, so keep them private.

All authenticated endpoints expect both the secret and  token to be submitted as part of the request headers:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'secret: your-secret' --header 'authorization: your-token' -d '{
  "password": "Another-Good-Password-02"
}' 'https://pciwallet.simnang.com/api/users'

• secret is the  secret: header.
• token is the  authorization: header.

Tokens are long lived (90 days) and may be revoked (see  POST revoke).

Keep in mind that even if a set of tokens is valid, if the user password has expired then the request won’t be allowed but will fail with a different HTTP code:

• 401 for authentication failed (wrong secret/token)
• 402 for session or password expired

How did we do?

Related Articles

• Secure Payments API Payment Profiles
• Secure Payments API Payment Processors
• Secure Payments API VersaPay Process Payment