Secure Payments API – Authentication Overview
General
This article covers using a POST request to authenticate using the Secure Payments (formerly PCI Wallet) API. You also have the following authentication options:
Authentication
Secure Payments uses JSON Web Tokens for authentication. In our implementation, two tokens are generated: secret and token. These two tokens represent your account, so keep them private.
All authenticated endpoints expect both the secret and token to be submitted as part of the request headers. Here's a cURL request showing the headers, endpoint, and payload body:
curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'secret: your-secret' --header 'authorization: your-token' -d '{
"password": "Another-Good-Password-02"
}' 'https://securepayments.loanpro.io/api/users'
secret is the secret: header.
token is the authorization: header.
Here's just the payload body from that request:
{
"password": "Another-Good-Password-02"
}
Tokens are long-lived (90 days) and may be revoked (see Revoke Tokens).
Keep in mind that even if a set of tokens is valid, the request won't be allowed if the user password has expired. In that case it fails with a different HTTP code:
401 for authentication failed (wrong secret/token)
402 for session or password expired
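The following Python client is an added example, not LoanPro's own code: it sends both tokens in the secret and authorization headers and raises a different error for 401 and 402, so a caller can tell rejected tokens from an expired session or password. The exception names, the SP_SECRET and SP_TOKEN environment variables, and the injectable opener parameter are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://securepayments.loanpro.io/api"  # host from the cURL example above


class AuthFailed(Exception):
    """HTTP 401: authentication failed (wrong secret/token)."""


class SessionOrPasswordExpired(Exception):
    """HTTP 402: session or password expired."""


def build_request(method, path, payload, secret, token):
    """Build a request that carries both tokens in the expected headers."""
    if not secret or not token:
        raise ValueError("both secret and token are required")
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "secret": secret,        # the 'secret' token
        "authorization": token,  # the 'token' token
    }
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(BASE_URL + path, data=body, method=method, headers=headers)


def send(request, opener=urllib.request.urlopen):
    """Send the request and map the two auth failures to distinct exceptions."""
    try:
        with opener(request, timeout=10) as response:
            return response.status, response.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise AuthFailed("secret/token rejected") from None
        if err.code == 402:
            raise SessionOrPasswordExpired("session or password expired") from None
        raise  # any other status is not an authentication problem


if __name__ == "__main__":
    # Dry run: tokens come from the environment (assumed variable names), nothing is sent.
    req = build_request("PUT", "/users", {"password": "Another-Good-Password-02"},
                        os.environ.get("SP_SECRET"), os.environ.get("SP_TOKEN"))
    print(req.get_method(), req.full_url, sorted(name for name, _ in req.header_items()))
```

Reading the tokens from the environment keeps them out of source files and out of shell history, which a command line such as the cURL example would otherwise record.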