x-ibm-client-id when calling APIs. You should always store the x-ibm-client-id in a secure location, and never reveal it publicly. More details about the usage of x-ibm-client-id below in the authentication section.
access token. The zip file will be sent via e-mail. The zip file is locked with a password. DeveloperSupport will provide the password via text message. You will also receive a test user for the Sandbox MobilePay Portal.
redirect_uri will be used once the user authenticates successfully. MobilePay will only redirect users to a registered redirect_uri, in order to prevent redirection attacks where an access_token can be obtained by an attacker. The redirect_uri must be an https endpoint to prevent tokens from being intercepted during the authorization process. You need to provide your own redirect_uri and send it to email@example.com so it can be whitelisted. We will whitelist it as soon as we process your email request, and we will confirm via e-mail once it has been whitelisted.
Now you are ready to move on to the authentication section below.
When the merchant is onboarded via Production MobilePay Portal, and has ordered MobilePay Invoice, then you can continue with OIDC.
Note: if you are still working on the integration in sandbox, you will use Sandbox MobilePay Portal from step 5 in part 1.
When the user clicks on this button, the merchant must make a back-end call to the "/authorize" endpoint to initiate the authentication flow. You need to wait for the response by listening on the redirect URI and get the Authorization Code. Our system will redirect the merchant back to your system, also using the redirect URL.
There are many OpenID Connect certified libraries, so you have to choose the one that suits you best from this list. We recommend Certified C#/NetStandard OpenID Connect Client Library.
Call /connect/authorize to initiate user login and consent
The merchant must grant consent through mechanisms in the OpenID Connect protocol suite. The Hybrid Flow should be initiated. For the Invoice product, the Client must request consent from the merchant using the invoice scope. You also need to specify the offline_access scope in order to get the refresh token. When the user clicks on this button, the merchant must make a back-end call to the "/authorize" endpoint to initiate the authentication flow.

Wait for the response by listening on the redirect URI and get the authorization code
You need to wait for the response by listening on the redirect_url and get the authorization_code. Our system will re-direct the merchant back to your system also using the

Exchange the authorization code for tokens using /connect/token
Once you have the authorization_code, you can use it to get refresh_token from the token endpoint.

Keep the session alive by using the refresh token
When the access_token expires, the refresh_token can be used to obtain a fresh access_token with the same permissions, without further involvement from a user.

Follow Best Practice
Keeping credentials secure is important whether you’re developing open source libraries, or in this case, a MobilePay API integration for your product. Docs here
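
The authorize, callback, token-exchange and refresh steps above, as an added Python example that is not MobilePay's own code. The issuer host, client id, redirect URI, the `code id_token` response type, the `form_post` response mode, the `openid` scope and the `state`/`nonce` handling are assumptions taken from standard OpenID Connect, not values from this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit

# Placeholders (assumptions): the real issuer host and client values come from MobilePay.
ISSUER = "https://oidc.example.invalid"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://merchant.example.invalid/oidc/callback"


def build_authorize_url(redirect_uri=REDIRECT_URI):
    """Step 1: return (url, state, nonce) for the /connect/authorize call."""
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must be an https endpoint")
    state = secrets.token_urlsafe(32)   # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)   # must reappear inside the id_token
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "response_type": "code id_token",          # one hybrid-flow value (assumed)
        "response_mode": "form_post",              # assumed, so the back end sees the code
        "scope": "openid invoice offline_access",  # invoice consent + refresh token
        "state": state,
        "nonce": nonce,
    })
    return f"{ISSUER}/connect/authorize?{query}", state, nonce


def extract_code(callback_params, expected_state):
    """Step 2: validate the callback and return the authorization code."""
    if "error" in callback_params:
        raise ValueError(f"authorization failed: {callback_params['error']}")
    returned = callback_params.get("state", "")
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = callback_params.get("code")
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request(code=None, refresh_token=None, redirect_uri=REDIRECT_URI):
    """Steps 3 and 4: form body to POST to /connect/token (client auth not shown)."""
    if code is not None:
        return {"grant_type": "authorization_code", "code": code,
                "redirect_uri": redirect_uri}
    if refresh_token is not None:
        return {"grant_type": "refresh_token", "refresh_token": refresh_token}
    raise ValueError("need an authorization code or a refresh token")
```

Store `state` and `nonce` in the server-side session before redirecting, and send the token request from the back end only, so the client secret and refresh token never reach the browser.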
The MobilePay API Gateway ensures the authentication of all MobilePay Invoice API requests. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
To be able to use and connect to the API, there are a few requirements. In order to authenticate to the API, all requests to the API must contain at least three authentication headers:
Creating an app in MobilePay Developer Portal will create a
x-ibm-client-secret that should be used in all calls to the MobilePay Invoice API
$ curl --header "Authorization: Bearer <token>" --header 'x-ibm-client-id: client-id' --header 'x-ibm-client-secret: client-secret' --url 'https://<mobile-pay-root>/api/merchants/me/resource'
Find the configuration links below:
PaymentReference meets customer needs in terms of reconciliation?
InvoiceNumber meets customer needs in terms of reconciliation?
InvoiceNumber parameters used to reconcile transactions with their bank.
|Transaction Reporting API||Invoice API||Description||Required|
|PaymentPointId||Invoice Issuer ID||Represents merchant’s company information. Merchant must have at least one Invoice issuer which is created via MobilePay Portal||yes|
||Reference used on the payment to do reconciliation if merchant has chosen Instant Transfer method. If not filled, InvoiceNumber will be used as reference. “PaymentReference” will be truncated down to 30 symbols and included in the bank statement.||no|
||Original invoice number sent by the Merchant. It will be used if PaymentReference is not filled.||yes|
|TRANSFER METHOD||Instant Transfer||Daily Transfer|
|TIME OF TRANSFER||MobilePay transfers instantly after the user pays the Invoice.||MobilePay transfers once per day, at night. Payments paid on day X will be transferred on day X+1.|
||Generated by MobilePay|
||Generated by MobilePay|
Use invoice details for reconciliation
Invoice details GET response has