Overview
OAuth 2.0
The OAuth 2.0 authorization framework is a protocol that allows a third-party client to access protected resources on behalf of a specific resource owner without the owner sharing their credentials. OAuth 2.0 relies on flows to issue access tokens to the client application.
Access to PayNet’s API Gateway requires an access token. To receive an access token from the OAuth 2.0 Authorization Server, the client needs to generate API keys by registering their application in the PayNet Developer Portal. In return, the Developer Portal will share the Client ID and Client Secret keys to be used in the authorization flows.
We are in the midst of updating all our APIs to support OAuth 2.0. Please refer to the respective API product reference to find out which authentication method is currently supported.
OAuth 2.0 Client Credentials Flow
Also known as the Client Credentials Grant, this flow is used in server-to-server communication. The diagram illustrates the OAuth 2.0 Client Credentials Flow, designated for trusted client applications to request an access token from the OAuth 2.0 Authorization Server and use the access token to access the API Gateway.
The client application requests an access token from the Authorization Server via the Token Endpoint, using its Client ID and Client Secret with the Client Credentials grant type as the request parameters.
On a successful request, the Authorization Server returns the access token along with some other informative fields.
The client application can now use its access token to access PayNet’s API Gateway.
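The three steps above, sketched as an added example (not PayNet's own code). The token endpoint URL, the sample response and the function names are hypothetical, and sending the Client ID and Client Secret as HTTP Basic credentials is an assumption taken from RFC 6749; the API product reference states the actual endpoint and parameter placement.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Hypothetical placeholder; the real endpoint is given in the API product reference.
TOKEN_ENDPOINT = "https://auth.example.invalid/oauth2/token"


def build_token_request(client_id, client_secret, endpoint=TOKEN_ENDPOINT):
    """Step 1: token request with grant_type=client_credentials (RFC 6749, 4.4.2)."""
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("token endpoint must use HTTPS: the client secret is sent to it")
    # Assumption: client authentication via HTTP Basic (RFC 6749, 2.3.1),
    # with both values form-encoded before being joined and base64-encoded.
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(endpoint, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def parse_token_response(raw, now=None):
    """Step 2: validate the token response and compute an absolute expiry time."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"token request rejected: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # Treat the token as expired 30 s early so it does not lapse mid-request.
    return {"access_token": doc["access_token"],
            "expires_at": now + int(doc.get("expires_in", 0)) - 30}


def api_headers(token, now=None):
    """Step 3: Bearer header for the API Gateway call; refuse an expired token."""
    now = time.time() if now is None else now
    if now >= token["expires_at"]:
        raise TimeoutError("access token expired; request a new one")
    return {"Authorization": f"Bearer {token['access_token']}"}


# Constructed sample response, not captured from any real server.
SAMPLE_RESPONSE = '{"access_token": "sample-token-123", "token_type": "Bearer", "expires_in": 3600}'
```

Pass the request object to urllib.request.urlopen to send it; keep the Client Secret in a secrets store or environment variable rather than in source code.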