OAuth 2.0

Authenticating Paytron APIs

📘

Obtaining Client Credentials

Paytron restricts access to our Public API. You will need to contact us in order to receive Client Credentials for programmatic access to our APIs.

Paytron follows OAuth 2.0 specifications using AWS Cognito as our Authentication provider to ensure the security of our APIs.

Client Credentials Flow

The /oauth2/token endpoint only supports HTTPS POST. Your app makes requests to this endpoint directly, passing in Client Credentials in return for temporary access tokens.

Auth Endpoints

Production: https://paytron-prod.auth.ap-southeast-2.amazoncognito.com/oauth2/token
Demo: https://paytron-demo.auth.ap-southeast-2.amazoncognito.com/oauth2/token

POST /oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: paytron-prod.auth.ap-southeast-2.amazoncognito.com

grant_type=client_credentials
&client_id=<clientId>
&client_secret=<clientSecret>

If your Authentication request is successful you will receive a response in the following format

{
  "access_token":"<access_token>",
  "expires_in":3600,
  "token_type":"Bearer"
}

Keeping your keys safe

❗️

Keep your credentials safe

Your Client Credentials can be used to make any API call on behalf of your account, such as creating payments and Beneficiaries.

Treat your Client Credentials as you would any other password. Grant access only to those who need it. Ensure they are kept out of any version control system you may be using. Control access to your Client Credentials using a password manager or secrets management service.


Did this page help you?