Authentication
Overview
To create a checkout instance, you need an access token from the Authentication API. To get the access token, you need your API credentials, which you can get from the Dashboard.
Authentication flow.
1. Generate an access token by executing a POST {peach-auth-service}/api/oauth/token request with your client ID, client secret, and merchant ID.

   curl --location --request POST '{peach-auth-service}/api/oauth/token' \
     --header 'content-type: application/json' \
     --data-raw '{ "clientId": "{{clientId}}", "clientSecret": "{{clientSecret}}", "merchantId": "{{merchantId}}" }'

2. The Authentication API responds with an access token.

   {
     "access_token": "<access token>",
     "expires_in": "<token expiry duration in seconds>",
     "token_type": "Bearer"
   }

3. Make calls to the Embedded Checkout API with the access token in the authorisation header, for example, Authorization: Bearer {access_token}.
   - You can reuse the access token from step 2 for multiple API calls.
   - When the token expires, you need to generate a new one.
See the Postman collection for more details on API authentication.
Code snippet
// Request an access token from the Authentication API (step 1).
async function authenticate(clientId, clientSecret, merchantId) {
  let response = await fetch("<peach auth service>/api/oauth/token", {
    method: "POST",
    // Same content type as the curl request in step 1.
    headers: new Headers({
      "content-type": "application/json"
    }),
    body: JSON.stringify({
      clientId,
      clientSecret,
      merchantId
    })
  });
  if (response.ok) {
    let body = await response.json();
    // The token is returned in the access_token field (step 2).
    return body.access_token;
  } else {
    throw new Error("Unable to authenticate");
  }
}

// Create a checkout instance, sending the token as a Bearer credential (step 3).
async function createCheckoutId(token, body) {
  const response = await fetch("<checkout api>/v2/checkout", {
    headers: new Headers({
      "Authorization": `Bearer ${token}`,
      "origin": "<base domain for site>"
    }),
    method: "POST",
    body: JSON.stringify(body),
  });
  if (response.ok) {
    return await response.json();
  } else {
    throw new Error("Unable to retrieve Checkout Id.");
  }
}

// clientId, clientSecret, merchantId and body are supplied by your application.
const bearerToken = await authenticate(clientId, clientSecret, merchantId);
const checkout = await createCheckoutId(bearerToken, body);
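Step 3 says the token can be reused until it expires. The following is an added example, not Peach Payments' own code, of a cache that does this and renews the token shortly before `expires_in` elapses. `createTokenCache`, `fetchToken`, `skewSeconds` and `now` are hypothetical names; `fetchToken` is assumed to resolve with the parsed JSON response from step 2, and the cache is meant to run server-side so the client secret never reaches the browser.

```javascript
// Added example: reuse one access token until just before it expires.
// fetchToken and now are injected (hypothetical parameters) so the cache
// can be exercised offline with a fake token endpoint and a fake clock.
function createTokenCache(fetchToken, { skewSeconds = 30, now = () => Date.now() } = {}) {
  let token = null;
  let expiresAt = 0;   // epoch ms after which the token is treated as expired
  let inFlight = null; // shared promise so concurrent callers trigger one request

  async function refresh() {
    const body = await fetchToken();
    const ttl = Number(body.expires_in); // the field may arrive as a string
    const ok = typeof body.access_token === "string" && body.access_token !== "" &&
               Number.isFinite(ttl) && ttl > 0;
    if (!ok) throw new Error("Malformed token response");
    token = body.access_token;
    // Renew skewSeconds early so a request never carries a token that
    // expires while it is in transit.
    expiresAt = now() + Math.max(ttl - skewSeconds, 0) * 1000;
    return token;
  }

  return {
    async get() {
      if (token && now() < expiresAt) return token;
      if (!inFlight) {
        inFlight = refresh().finally(() => { inFlight = null; });
      }
      return inFlight;
    },
    // Call this when the API rejects the token, to force a new one.
    invalidate() { token = null; expiresAt = 0; }
  };
}
```

With the functions above, `createTokenCache(() => fetchTokenResponse())` would wrap a variant of `authenticate` that returns the whole response body rather than only the token (`fetchTokenResponse` is a hypothetical name).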