Authentication Request for API Calls
This list below, outlines the minimum requirements for a successful API call. The ability to generate these correctly, along with utilizing the Consumer Key and Consumer Secret, are vital to successfully transacting with our API.
- oath_callback
- oauth_consumer_key
- oauth_nonce
- oauth_signature_method
- oauth_timestamp
- oauth_version
Choose Your Flow
2-Legged
2-Legged authentication is best supported when an API integration will be used by the merchant or working only 1 merchant. This method of of authentication provides an access token that hasa 24-hour lifespan. This can be helpful to assist the client with tracking calls mode fora merchant on a daily basis, also. this can help bolster security as the merchant will not have an available token that could potentially be used to transact with their information outside of that timeframe.
Example Request:
POST https://api.mxisoagent.com/boarding/v2/oauth/1a/requesttoken HTTP/1.1
Authorization: OAuth oauth_callback='scriptToCaptureTokens.php',
oauth_consumer_key='00000000-0000-0000-0000-000000000000',
oauth_nonce='f5eba5867064d4e227f7872e77203716f6b9467a',
oauth_signature_method='HMAC-SHA1',
oauth_signature='Oa260bPDifvy2R2wL%7EeIajYdFY%3D',
oauth_version='1.0',
oauth_timestamp='1361295973'
Accept: application/x-www-form-urlencodedResponse:
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=AUt1Jymdbt89SyPDK8zlajsA&oauth_token_secret=dea7c4de-f346-403f-962c-181ae8338800&oauth_callback=trueRequest:
POST https://api.mxisoagent.com/boarding/v2/oauth/1a/accessToken HTTP/1.1
Authorization: OAuth oauth_token='4499eddf-2633-415a-b221-90cbf7823dce',
oauth_consumer_key='00000000-0000-0000-0000-000000000000',
oauth_nonce='vYXqb3Jq',
oauth_signature_method='HMAC-SHA1',
oauth_signature='%2FUeW4NTL4NV88XOYPAKr3ANGn7A%3D',
oauth_version='1.0',
oauth_timestamp='1344019030'
oauth_token='dea7c4de-f346-403f-962c-181ae8338800'
Accept: application/x-www-form-urlencodedResponse:
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=AUtweZLmsdIpqS6BuK6S6hrQ&oauth_token_secret=STxHsU3bNDNXvrvCCAdVvEAAuthorization
After acquiring the tokens, the user of the application should be directed to the authorization page:
Opting to 'Authorize' access, the browser will redirect the user to the url supplied in the original request as the oauth_callback value.
Exchange Tokens
Included in the redirect is a new oauth parameter; oath_verifier. This parameter should be added in with the rest of the oauth_parameters when submitting a request for an access token. In doing so thinks your API key and secret with the merchant's id and information/ Below is the URL to send a request for an access token with an example request.
Request:
POST https://api.mxisoagent.com/boarding/v2/OAuth/1A/AccessToken HTTP/1.1
Authorization: OAuth oauth_callback='someScriptToCaptureTokens.php',
oauth_token='4499eddf-2633-415a-b221-90cbf7823dce',
oauth_consumer_key='00000000-0000-0000-0000-000000000000',
oauth_nonce='vYXqb3Jq',
oauth_signature_method='HMAC-SHA1',
oauth_signature='%2FUeW4NTL4NV88XOYPAKr3ANGn7A%3D',
oauth_verifier='HRH8G347',
oauth_version='1.0',
oauth_timestamp='1344019030'
Accept: application/x-www-form-urlencodedResponse:
HTTP/1.1 200 OK
Content-Type: application/x-www-form-urlencoded
oauth_token=AUtweZLmsdIpqS6BuK6S6hrQ&oauth_token_secret=STxHsU3bNDNXvrvCCAdVvEAUpdated 3 months ago