# Authentication
When enrolled with OMPay, a set of client ID and secret credentials are provided together with your merchant ID.
TIP
Client ID and secret can be generated from your merchant dashboard. The merchant ID is provided to you upon creation of a business (Business specific)
# Server-to-server
- Shell
- JavaScript
# Example header
curl https://API_endpoint_here \
-H "Authorization: Basic <encoded string>" \
To initiate a request to any OMPay's endpoints from your server, the Authorization field of your HTTPS header must include an Basic Authentication scheme.
WARNING
Use HTTPS for all API requests, HTTP requests will not be successful.
# Basic Authentication
The "Basic" HTTP authentication scheme is defined in RFC 7617 (opens new window), which transmits credentials as Client ID/Secret pairs, encoded using base64. For e.g :
- Build a string of the
<clientID>:<ClientSecret> - BASE64 encode the string.
- Supply an Authorization header with content Basic followed by the encoded string
# Client to OMPay server
# Retrieve client token
Request example
- Shell
- JavaScript
curl -X POST \
https://api.ompay.com/v1/merchants/<merchantID>/client_token \
-H 'authorization: Basic ODZidWQ0Y2JremlxOXZmYzoweHI1ZDkwOHo2bmo4a2h6' \
-H 'content-type: application/json' \
-d ''\''grant_type=client_credentials'\'''
Response example
{
"accessToken": "<client_token>",
"tokenType": "Bearer",
"expiresOn": "2018-11-02T21:33:09Z",
"issuedOn": "2018-11-01T21:33:09Z"
}
Together with every client side request, we need to send a client token. To retrieve this, you pass the Basic Authentication in the Authorization header of a get access token request.
In exchange of these credentials the OMPay server will issue a client token.
This sample request uses a bearer token to get payment nonce for a client:
- Shell
- JavaScript
curl -X POST \
http://API_endpoint_here \
-H 'authorization: Bearer <client_token>' \
Include this bearer token in API requests in the Authorization header with the Bearer authentication scheme.