Authentication

What is needed to use the Installment Loan API

An HTTP Basic Authentication is needed to use an Installment Loan API. To do so, you need to know the credentials for accessing the system which is unique for each Merchant.

The credentials consist of two parameters: client_id and secret_key, which are used as a username and a password for the Merchant Authentication. The company receives those credentials once it has been registered in the Bank system as a Merchant and has filled in all necessary data. (see: How to find out the Merchant’s system credentials)

Example:

client_id: 1006
secret_key: 581ba5eeadd657c8ccddc74c839bd3ad

Header:
Authorization: Basic MTY2Njo1ODFiYTVlZWFkZDY1N2M4Y2NkZGM3NGM4MzliZDNhZA==

Method Description

Via the given method a Merchant passes the authentication. On calling this method, the Online Installment Loan Server returns a ‘Bearer Token’ which is used as a mandatory parameter for the authentication when calling all further methods.

Header

Content-Typerequiredapplication/x-www-form-urlencoded

AuthorizationrequiredBasic <base64>

Basic + <client_id>:<secret_key> coded in a Base64 format (i.e: „Basic ODI4Mjo3Njk3MDY0OTlmMDcwOWUyMzQ4NDU4NjNmOThiMjMxNA==“). where <client_id> and <secret_key> are a Merchant’s system access credentials provided by the Bank

Body

grant_typerequiredclient_credentials

A client_credentials text should be always passed in this parameter

REQUEST

POST /v1/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64>

grant_type=client_credentials

Response

access_tokenstring

A token returned by the Authorization Server

token_typestring

A token type (The text „bearer“ is always returned)

app_idstring

not used

expires_innumber

A number of seconds for which the Token is active

RESPONSE

{
  "access_token": "<JWT>",
  "token_type": "Bearer",
  "app_id": "1A2019",
  "expires_in": 1634719923245
}