Access token

Learn how to authenticate with our platform.

Once you've received a subscription_key, client_id and client_secret from our platform, you're now ready to authenticate with our Identity Service to retrieve an access_token.

This access_token will allow you to make API requests to the relevant products you've subscribed to in our API products.

Obtaining an access token

Obtaining an access token is straightforward: it uses the OAuth 2.0 client credentials flow and is done on behalf of your client application. For further details on this authorisation flow, see here.

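# Credentials are quoted and URL-encoded so special characters in them are sent intact
curl -X POST \
    -d grant_type=client_credentials \
    --data-urlencode "client_id=${client_id}" \
    --data-urlencode "client_secret=${client_secret}" \
    -d scope=smartrequests \
    https://test.identity.ordopay.com/connect/token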

Successful response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBP..."
}

Scopes

The table below lists the scopes required to obtain access tokens for the methods exposed under each product's endpoints. The API endpoint URIs change between environments, but the required scopes remain the same.

| Product | Scope |
|---|---|
| Single payment - Client hosted | smartrequests obi |
| Single payment - Ordo hosted | smartrequests |
| VRP - Client hosted | vrp obi registry |
| VRP - Ordo hosted | vrp obi |
| Refunds | registry users |
| Financial Institutions - Add Participant | users |
| Financial Institutions - Add Billing Account | registry users |
| Documents | documents users |
| Account Verification - client hosted | obi |
| Account Verification - Ordo hosted | obi |

Using a token

To use the access_token, send it as a Bearer token in the Authorization header, as shown below, in all API requests to Ordo. As part of OAuth 2.0, Bearer authentication should only be used over HTTPS (SSL), with exceptions for local development.

Authorization: Bearer {token}
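
An added example, not Ordo's own code: a minimal Python client for the flow described above that form-encodes the token request, reuses the token until shortly before expires_in elapses, and refuses to attach the Bearer header to a non-HTTPS URL. The 60-second refresh margin, the loopback allowance for local development and all function and class names are assumptions of this example; the token URL and field names come from this page.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://test.identity.ordopay.com/connect/token"  # from this page

def build_token_request(client_id, client_secret, scopes):
    """Build the client-credentials POST. Values are form-encoded so a secret
    containing '&', '+' or '=' is transmitted intact."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # OAuth 2.0 scopes are space-delimited
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")

def fetch_token(client_id, client_secret, scopes):
    """Network call: returns the parsed JSON token response."""
    req = build_token_request(client_id, client_secret, scopes)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuses a token until `skew` seconds before expires_in elapses (assumed margin)."""
    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._deadline:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            self._deadline = self._clock() + resp["expires_in"] - self._skew
        return self._token

def bearer_headers(url, token):
    """Return the Authorization header, refusing non-HTTPS URLs
    (loopback hosts are allowed for local development)."""
    parts = urllib.parse.urlsplit(url)
    local = parts.hostname in ("localhost", "127.0.0.1", "::1")
    if parts.scheme != "https" and not local:
        raise ValueError("refusing to send bearer token over " + parts.scheme)
    return {"Authorization": "Bearer " + token}
```

In real use, pass `lambda: fetch_token(client_id, client_secret, ["smartrequests"])` as the `fetch` argument of `TokenCache`, with the credentials loaded from the environment or a secret store rather than from source code.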

Note

The URLs for the Production and Staging environments are similar; below you will find the correct URLs to use for each environment (http://test its http://live).

