Overview
Introduction
Authentication is a critical component of any secure application. In the context of the Paysafe Embedded Wallet solution, authentication plays a vital role in protecting user assets and personal information.
The Business and Consumer APIs integrations utilize OAuth 2.0 for authentication, ensuring secure access to wallet functionalities. The API calls are authenticated using OAuth Bearer Tokens, which are issued by the Paysafe authorization server.
Client Credentials
In order to issue a security access token, the client (partner) must provide its credentials to the Paysafe authorization server when requesting a token. These credentials are used to authenticate the client and authorize access to the requested resources.
A single set of client credentials consists of a Client ID and a Client Secret.
Paysafe provides:
- Sets of client credentials that are specifically designed for the sandbox/test environment.
- Sets of client credentials that are specifically designed for the live/production environment.
When requesting an access token, set the Authorization header (Basic scheme) to the credentials that match both the environment you are calling (sandbox/test or live/production) and the token type you want issued.
For additional details, please refer to Basic Authentication on Wikipedia.
The client credentials are provided by the Paysafe business relationship manager.
Security Tokens
The access token is a security token that is issued by the Paysafe authorization server.
Using a set of client credentials, a client can ask the Paysafe authorization server to issue an access token.
The issued bearer access token serves as the key for authorizing Business and Consumer API requests.
The access token is a JSON Web Token (JWT) that contains information about the client, the scopes granted to it and details for its intended usage.
An invalid, missing or expired token will result in HTTP 401 Unauthorized responses.
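The following is an added example, not Paysafe's own code or SDK, showing the two client-side pieces the sections above describe: encoding the Client ID and Client Secret as a Basic Authorization header for the token request, and reading the expiry from the returned JWT so a call is refreshed before it would draw a 401. The token endpoint URL, the client_credentials form body, the claim names (exp, scope) and the sample JWT are assumptions; the page does not show them.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
import urllib.parse
import urllib.request

# Assumption: the real token endpoint is supplied by Paysafe; this is a placeholder.
TOKEN_ENDPOINT = "https://auth.example.invalid/oauth2/token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Encode the client credentials as an RFC 7617 Basic Authorization value."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id: str, client_secret: str,
                        endpoint: str = TOKEN_ENDPOINT) -> urllib.request.Request:
    """Prepare, without sending, a token request authenticated with Basic credentials.

    The header carries the Client ID/Secret pair for the target environment
    (sandbox or live). The form body is the standard OAuth 2.0 client_credentials
    grant; that body is an assumption, the page only describes the header.
    """
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    req = urllib.request.Request(endpoint, data=body, method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT segments strip.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jwt(claims: dict, secret: bytes = b"constructed-demo-secret") -> str:
    """Build a constructed HS256 JWT so the checks below run offline.

    Real access tokens are minted by the Paysafe authorization server; this
    helper only stands in for one during the demonstration.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [_b64url_encode(signature)])


def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only.

    Signature verification belongs to the resource server; the client only
    needs to read claims such as 'exp' and the granted scopes.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWS compact serialization")
    return json.loads(_b64url_decode(parts[1]))


def token_is_usable(token: str, now: Optional[float] = None, skew: int = 30) -> bool:
    """Client-side pre-check: treat a token as stale 'skew' seconds before 'exp'
    so an API call is not sent with a token that would be rejected with 401."""
    now = time.time() if now is None else now
    exp = jwt_claims(token).get("exp")
    return exp is not None and now + skew < exp


def bearer_header(token: str) -> str:
    """Authorization value for Business and Consumer API calls."""
    return "Bearer " + token
```

The request object is built but never sent, so the snippet runs offline; in a real integration you would pass it to `urllib.request.urlopen`, parse the JSON response for the access token, and call `token_is_usable` before each Business or Consumer API request rather than reacting to the 401 after the fact.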
Admin Token
The Admin Token is a special type of access token that is used to perform administrative tasks within the Paysafe Embedded Wallet system.
This token grants access to the Business APIs and is typically used by the partner and its authorized personnel to manage the embedded wallets of their own customers.
Configuration Token
The Configuration Token is a weak access token (lacks broader permissions) that is used to configure the Paysafe Embedded Wallet system for certain basic operations.
Such operations include, but are not limited to, the following:
- Configure the Paysafe Wallet SDK for the partner's application, so it can reuse the provided configuration for the lifecycle of the partner’s application.
- Send and submit strong customer authentication challenges for customers who are not yet logged in (no Customer Token has been issued yet).
The Configuration Token is not restricted to a specific end-customer of the partner.
Customer Token
The Customer Token is a strong access token that is used to perform operations on the wallet of a specific customer.
This token grants access to the Consumer APIs and is typically used by the end-customer to manage their own wallet.
The token is end-customer specific and grants access only to resources associated with that customer.
The token enables a smooth customer experience by allowing end-customer devices to communicate directly with the Consumer APIs and execute actions on behalf of the designated customer. It is intended for use in the context of the Paysafe Wallet SDK.