Issue an Access Token

POST 
/auth/brands/:brandIdentity/token

Overview

The token endpoint is used by the client to obtain an access token utilizing the following grant types:

• Client Credentials
• Refresh Token
• Token Exchange
• Password

Since the requests to the token endpoint result in the transmission of clear-text credentials (in the HTTP request and response), the client server MUST use TLS when sending requests to it.

Basic Authentication

Basic Authentication is used for authenticating a client. In this mechanism, the client sends its client ID and client secret as part of the Authorization header in an HTTP request. The Authorization header contains a Base64-encoded string of {URL-encoded-client-ID}:{URL-encoded-client-secret}.

SCA Authentication

The necessity for SCA Authentication arises when customers need to adhere to the particular regulations outlined in the PSD2 directive.

The HTTP WWW-Authenticate response header defines the SCA authentication methods that might be used to gain access to the specific resource:

HTTP/2 401 Unauthorized
WWW-Authenticate: SCA realm="Authentication" auth-param1="ewogICJzY2FEZXRhaWxzIjogewogICAgImV2ZW50SWQiOiAiMDZiZGMyYzAtY2NlLTRiMzYtOTdlYy0yODFjOGY1ZDc0M2MiLAogICAgIndhbGxldE9wZXJhdGlvbklkIjogImE1ODY1ZmQ2LTE4YzItNDVhOC05OTUzLTFjMDBlYWMzNmMzNiIsCiAgICAiYXV0aGVudGljYXRpb25Nb2RlIjogIk9VVFNPVVJDRUQiLAogICAgImF2YWlsYWJsZVZlcmlmaWNhdGlvbnMiOiBbCiAgICAgIHsKICAgICAgICAibWV0aG9kIjogIlBJTiIKICAgICAgfSwKICAgICAgewogICAgICAgICJtZXRob2QiOiAiT1RQIiwKICAgICAgICAiY2hhbm5lbCI6ICJTTVMiLAogICAgICAgICJ0YXJnZXQiOiAiam8qKipAZXhhbXBsZS5jb20iCiAgICAgIH0KICAgIF0sCiAgICAiY3JlYXRpb25UaW1lIjogIjIwMjEtMDctMTVUMTc6NTQ6MTJaIiwKICAgICJleHBpcmF0aW9uVGltZSI6ICIyMDIxLTA3LTE1VDE4OjA5OjEyWiIKICB9Cn0="

Upon the successful completion of the SCA authentication process, the user should re-request the same wallet resource. This should be done using the SCA-Authorization request header:

POST /digitalwallets/v1/auth/brands/{brandIdentity}/token HTTP/2
Host: api.paysafe.com
SCA-Authorization: ewogICJzY2FEZXRhaWxzIjogewogICAgImV2ZW50SWQiOiAiMDZiZGNkMmMtMGNjZS00YjM2LTk3ZWMtMjgxYzhmNWQ3NDNjIiwKICAgICJ3YWxsZXRPcGVyYXRpb25JZCI6ICJhNTg2NWZkNi0xOGMyLTQ1YTgtOTk1My0xYzAwZWFjMzZjMzYiCn0=

More details can be found in Strong Customer Authentication.

Request

Responses

200

OK

400

Bad request

401

Unauthorized

Response Headers

• WWW-Authenticate string

  Specifies the necessity of employing the `SCA` security scheme within the specific wallet domain.

405

Method Not Allowed

409

Conflict

500

Internal Server Error

503

Service Unavailable