This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Authentication
Generate Token
To ensure secure access to backend operations, merchants are required to authenticate with our system using OAuth 2.0 protocol. This authentication process involves a server-to-server API call to our
merchant.authorize endpoint. Merchants provide their credentials in the form of a public_key and a secret, which are issued by Brite. In return, the authorization server responds with an access_token and a refresh_token.
// example request
{
"public_key": "string",
"secret": "string"
}
// example response
{
"access_token": "string",
"expires": 1652708597,
"refresh_token": "string"
}
| Token | Expiration time |
|---|---|
| access_token | 6h |
| refresh_token | 7h |
The access_token serves as a temporary credential for accessing protected resources. In subsequent API calls, merchants must include the access_token in the request header using the Bearer token authentication scheme. Additionally, the content-type must be specified as application/json.
// example request
curl -X POST \
-H "Authorization: Bearer ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"key1":"value1","key2":"value2"}' \
{host}/api/{api_path}
Renew Token
The
refresh_token enable merchants to acquire a new access_token prior to the expiration of the original one. This process is initiated by sending the current access_token along with the refresh_token in a merchant.token API call.
// example request
{
"access_token": "string", // required
"refresh_token": "string" // required
}
To ensure uninterrupted access to our services, It’s important to understand that renewing a token automatically invalidates the original access_token. Therefore, if there’s any propagation time expected on your application for the new token to take effect, merchants should consider generating a new token via the merchant.authorize endpoint instead.