Your access token authorizes you to use the SmartFastPay REST API server. To call a REST API in your integration, exchange your client ID and secret for an access token in an OAuth 2.0 token call. While there are a few ways to get a token, here are examples using both the Postman app and a cURL command.
Your own environment's HTTP library or function may have username
and password
fields or an auth parameter in which you pass
your client ID and secret. You can also add your Base64 encoded client ID and secret in an Authorization: Basic
header.
To generate REST API credentials for the sandbox and live environments:
POST
method.
https://sandbox.smartfastpay.com/oauth2/token
request URL.
In exchange for these credentials, the SmartFastPay authorization server returns your access token in the access_token field:
{
"requestId": "a2435636-5f69-447d-8e22-8382f62ef7dd",
"data": {
"access_token": "< Access-Token >",
"token_type": "Bearer",
"expires_in": 3600
}
}
Include this bearer token in the Authorization header with the Bearer authentication scheme in REST API calls to prove your identity and access protected resources. This sample request includes a bearer token:
curl -v --location --request POST 'https://sandbox.smartfastpay.com/transaction/checkout' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer < Access-Token >"
Access tokens have a finite lifetime. The expires_in
field contains the number of seconds after which the token expires.
For example, an access token with an expiry value of 3600
expires in one hour from when the response was generated. In general, access tokens have a life of 15 minutes or eight hours depending on the scopes associated.
To detect when an access token expires, write code to either:
expires_in
value in the token response.
401 Unauthorized
status code. The API endpoint issues this status code when it detects an expired token.
Re-use the access token until it expires. Then, get a new token.
client_id
is your client ID and secret
is your secret:
curl -v --location --request POST 'https://sandbox.smartfastpay.com/oauth2/token' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic < Access-Credentials >'
Accept
header to application/x-www-form-urlencoded
.
In exchange for these credentials, the SmartFastPay authorization server returns your access token in the access_token
field:
{
"requestId": "a2435636-5f69-447d-8e22-8382f62ef7dd",
"data": {
"access_token": "< Access-Token >",
"token_type": "Bearer",
"expires_in": 3600
}
}
Include this bearer token in the Authorization
header with the Bearer
authentication scheme in REST API calls to prove your identity
and access protected resources. This sample request includes a bearer token:
curl -v --location --request GET 'https://sandbox.smartfastpay.com/transactions/' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer Access-Token"
Access tokens have a finite lifetime. The expires_in
field contains the number of seconds after which the token expires.
For example, an access token with an expiry value of 3600
expires in one hour from when the response was generated. In general, access tokens have a life of 15 minutes or eight hours depending on the scopes associated.
To detect when an access token expires, write code to either:
expires_in
value in the token response.
401 Unauthorized
status code. The API endpoint issues this status code when it detects an expired token.
Re-use the access token until it expires. Then, get a new token.