OAuth 2.0
Authenticating Paytron APIs
Obtaining Client Credentials
Paytron restricts access to our Public API. You will need to contact us in order to receive Client Credentials for programmatic access to our APIs.
Paytron follows the OAuth 2.0 specification, using AWS Cognito as our authentication provider, to secure our APIs.
Client Credentials Flow
The /oauth2/token endpoint only supports HTTPS POST. Your app makes requests to this endpoint directly, passing in its Client Credentials in exchange for a temporary access token.
Auth Endpoints
Production: https://paytron-prod.auth.ap-southeast-2.amazoncognito.com/oauth2/token
Development: https://paytron-staging.auth.ap-southeast-2.amazoncognito.com/oauth2/token
POST /oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: paytron-prod.auth.ap-southeast-2.amazoncognito.com

grant_type=client_credentials
&client_id=<clientId>
&client_secret=<clientSecret>
If your authentication request is successful, you will receive a response in the following format:
{
  "access_token": "<access_token>",
  "expires_in": 3600,
  "token_type": "Bearer"
}
Keeping your keys safe
Keep your credentials safe
Your Client Credentials can be used to make any API call on behalf of your account, such as creating payments and Beneficiaries.
Treat your Client Credentials as you would any other password. Grant access only to those who need it. Ensure they are kept out of any version control system you may be using. Control access to your Client Credentials using a password manager or secrets management service.
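The following is an added example, not Paytron's own code. It builds the token request shown under Client Credentials Flow, reads the credentials from the environment so they stay out of version control, and reuses the access token until shortly before expires_in elapses. The environment variable names, the 60-second refresh margin and the TokenCache helper are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Development endpoint listed on this page.
TOKEN_URL = "https://paytron-staging.auth.ap-southeast-2.amazoncognito.com/oauth2/token"


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build the form-encoded HTTPS POST for the token endpoint (nothing is sent)."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS")
    # urlencode percent-escapes characters such as '+', '&' and '=' in the secret.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def fetch_token():
    """Read credentials from the environment (assumed variable names), POST, decode."""
    req = build_token_request(os.environ["PAYTRON_CLIENT_ID"],
                              os.environ["PAYTRON_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse the access token until just before it expires."""
    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
        return self._token


if __name__ == "__main__":
    cache = TokenCache(fetch_token)
    print("token acquired:", bool(cache.get()))  # never log the token itself
```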