Access token

Learn how to authenticate with our platform.

Suggest Edits

Once you've received a subscription_key, client_id and client_secret from our platform, you're now ready to authenticate with our Identity Service to retrieve an access_token.

This access_token will allow you to make API requests to the relevant products you've subscribed to in our API products.

Obtaining an access token

Obtaining an access token is straight forward using an OAuth 2.0 client credentials flow and is done on behalf of your client application. For further details on this authorisation flow, see here.

curl -X POST \
    -d grant_type=client_credentials \
    -d client_id=${client_id} \
    -d client_secret=${client_secret} \
    -d scope=smartrequests \
    https://test.identity.ordopay.com/connect/token

Successful response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBP..."
}

🚧

Scope

Each of our API product has their own scopes in order to connect to the endpoint.

API ProductScope
BillerDelivery (BDR)registry smartrequests obi
Client Hosted Paymentsregistry smartrequests obi
Financial Institutionregistry smartrequests obi
Refund Accountsregistry smartrequests
VRP Sweepingobi vrp registry

Using a token

To use the access_token in your requests, it must be sent as a Bearer token authentication header as below in all API requests to Ordo. As part of OAuth 2.0, Bearer authentication should only be used over HTTPS (SSL) with exceptions for local development.

Authorization: Bearer {token}

🚧

Note

The URLs for Production and Staging environments are similar, below you will find the correct URLs to use for each environments (http://test its http://live).

EnvironmentRequestURL
StagingOrdoTokenRequestUrlhttps://test.identity.ordopay.com/connect/token
StagingOrdoPaymentRequestUrlhttps://test.api.ordopay.com/smartrequestmanager/v1/smartRequests/newSmartRequestBDRLink
ProductionOrdoTokenRequestUrlhttp://live.identity.ordopay.com/connect/token
ProductionOrdoPaymentRequestUrlhttps://live.api.ordopay.com/smartrequestmanager/v1/smartRequests/newSmartRequestBDRLink

Updated 4 months ago

What’s Next