Authentication
Introduction
Section titled “Introduction”Regardless of how you choose to implement the UNIPaaS solution, you will need to perform one server-to-server call to initiate your connection with UNIPaaS.
Server to server
Section titled “Server to server”When it’s used:
- Hosted onboarding link
- Checkout page
- Pay-in API
- Account API
- Payout API
A basic authentication is enforced when performing an API request from your server to UNIPaaS. An authorization bearer header must be sent along with the private_key, provided to you in your portal account settings to access restricted API endpoints.
Example of a checkout create API request:
curl --location --request POST 'https://sandbox.unipaas.com/platform/pay-ins/checkout' \--header 'Content-Type: application/json' \--header 'Authorization: Bearer {{PRIVATE_KEY}}' \--data-raw '{ "amount": 10, "currency": "GBP", "orderId": "1000456", "description": "Iphone case", "email": "test@test.com", "country": "GB", "items": [ { "itemName": "Iphone case", "itemAmount" : 10, "vendorId" :"5ee8e655a65f08fcd71fe4d9", "platformFee" : "15"
} ]}'Client to server
Section titled “Client to server”When it’s used: Onboarding Embedded UI
An OAuth 2.0 authorization is enforced when performing an API request from a client application such as a drop-in UI to UNIPaaS. For a client application to communicate with UNIPaaS without compromising your private_key, an OAuth 2.0 mechanism is used. This means before any API request from a client application; a temporary accessToken must be granted using the authorization API endpoint:
curl --request POST \ --url https://sandbox.unipaas.com/platform/authorize \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{private_key}}' \ --data-raw '{ "vendorId": "5140332a9d0ca8037a72c1812", "scopes": ["onboarding_write"] }'