This documentation is deprecated
Please refer to the updated documentation https://docs.payadvantage.com.au/reference/authentications_post-1
The Pay Advantage API has been written as a RESTful API and classes can be accessed using standard POST, GET, PUT and DELETE actions.
Returns are JSON-encoded responses, and we use standard HTTP response codes, authentication, and verbs. Requests should be passed as JSON in the body, making sure to declare the content type in the header. We provide example requests and responses throughout our documentation.
A fully functioning Sandbox environment is available for testing which consists of a test web-panel, test API, and pre-filled test data. We will keep you updated as we improve our API and add new functionality in future versions.
Only account administrators can setup the API. If you want to setup an API account please make sure that you are logged in as a user with administrator permissions. You can read more about setting up user permissions here.
If you are logged in as an admin user, find More on the left hand menu of the client panel and select API. From here you can create API credentials, register an IP, and create a sandbox/test account.
The live environment and sandbox environment have separate login portals. Because of this you will need to create a set of API credentials for both environments and register any IP addresses in each environment.
Sandbox/Testing Environment
A complete replica of our system is available for testing.
To create your sandbox/test account you will need to login through our portal (https://secure.payadvantage.com.au) and have an approved account. If you have not submitted your business survey and been approved by support, you will not be able access our test environment or generate an API key for authentication.
Learn more about setting up and using the Sandbox environment here.
Live Environment
Access to our Live API is restricted for new accounts. Once you have completed testing your integration in the sandbox environment, please schedule a call with our API on-boarding team who can cover off some security and schema requirements before taking your application live.
Please ensure you read the section on "Restrictions, Performance & Best Practice" at the end of this Getting Started guide to ensure your integration is suitable.
Base URLs
The Pay Advantage API is only available through HTTPS. Attempting to access the API over an unsecured HTTP connection will return a "tls_required" error. The URL mentioned in our support documents will generally refer to the live URL. Please replace this with the test/sandbox URL during testing.
Live API
https://api.payadvantage.com.au/v3
Test/Sandbox API
https://api.test.payadvantage.com.au/v3
For security reasons, access to the API must be granted by registering the IP address you intend to use when accessing the API from under the API Setup options.
If you haven't registered the correct IP address you will receive an “invalid IP” error when attempting to authenticate. If this occurs, sign in to the web panel and register the correct IP addresses you want to authorise for access.
Your API credentials can be found in the user portal under API in the side menu under Integrations. Your API username and password will be listed here.
To authenticate and authorise your API requests an initial call is made to the token endpoint with credentials passed as JSON in the request body.
POST 'https://api.payadvantage.com.au/v3/token'
Your username and password should be used in the parameters username and password respectively. The parameter grant_type should always be passed as "password".
Example Request
curl -L -X POST 'https://api.payadvantage.com.au/v3/token' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "password",
"username": {your_username},
"password": {your_password}
}'
Successful Response
STATUS 200 // Successful
{
"access_token": {access_token},
"token_type": "bearer",
"expires_in": 1800
}
A successful response will return an access_token that must be included in any subsequent requests as an authorisation header called bearer.
An unsuccessful response will return a STATUS 4NN with an error code such as "invalid account" and a message to give more context to why the error occurred.
These tokens have an expiry in seconds as shown in the response. After this time any request to the API using an expired token will return a STATUS 401 unauthorised response, and a new token will need to be requested.
Using Token in Subsequent Requests
curl -L -X POST 'https://api.payadvantage.com.au/v3/...' \
-H 'Authorization: Bearer {access_token}' \
-H 'Content-Type: application/json' \
-d '{
...
}'
Comments
0 comments
Article is closed for comments.