oAuth
iCard Rest API uses oAuth2 for authorizing the HTTP requests. For more information please refer to the docs: https://www.oauth.com. The oAuth2 Token is sent in the header of every request. The Client ID and Client Secret are available in the myPOS Web Account.
oAuth Credentials
To generate your personal set of credentials, go to your iCard Developers Account. There you can manage your already generated credentials as well as generate new ones.
Token generation
After obtaining your Client ID and Client Secret, generating an oAuth Token is standard. myPOS REST API currently supports only "client credentials" grant type for oAuth Token generation.
To generate a token, send an HTTP POST request to https://auth-api.mypos.com/oauth/token with:
Headers
Content-Type = application/x-www-form-urlencoded
Authorization = "Basic " + base64 encoded value of concretinated Client ID and Client Secret using a semicolon for concretination.
Body
grant_type = "client_credentials" or authorization_code" or "refresh_token"
scope = "webhooks" when using oAuth for the WebhookAPI
Examples
curl -X POST \ | |
https://auth-api.mypos.com/oauth/token \ | |
-H 'Authorization: Basic base64encode(client_id:client_secret)' \ | |
-H 'Content-Type: application/x-www-form-urlencoded' \ | |
-d 'grant_type=client_credentials' |
Token Revocation
To revoke an oAuth Token send an HTTP request to https://api.mypos.com/oauth/revoke with:
Headers
Content-Type = application/x-www-form-urlencoded
Authorization = "Basic " + base64 encoded value of concretinated Client ID and Client Secret using a semicolon for concretination.
Body
token = <the_token_to_revoke>
Examples
curl -X POST \ | |
https://auth-api.mypos.com/oauth/revoke \ | |
-H 'Authorization: Basic base64encode(client_id:client_secret)' \ | |
-H 'Content-Type: application/x-www-form-urlencoded' \ | |
-d 'token=vjqje92BWVesdh8TE6nBfepst0mf11wHA6VnR5RhN6' |