Access token
Learn how to authenticate with our platform.
Once you've received a subscription_key
, client_id
and client_secret
from our platform, you're now ready to authenticate with our Identity Service to retrieve an access_token
.
This access_token
will allow you to make API requests to the relevant products you've subscribed to in our API products.
Obtaining an access token
Obtaining an access token is straight forward using an OAuth 2.0 client credentials flow and is done on behalf of your client application. For further details on this authorisation flow, see here.
curl -X POST \
-d grant_type=client_credentials \
-d client_id=${client_id} \
-d client_secret=${client_secret} \
-d scope=smartrequests \
https://test.identity.ordopay.com/connect/token
Successful response:
{
"token_type": "Bearer",
"expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBP..."
}
Using a token
To use the access_token
in your requests, it must be sent as a Bearer
token authentication header as below in all API requests to Ordo. As part of OAuth 2.0, Bearer authentication should only be used over HTTPS (SSL) with exceptions for local development.
Authorization: Bearer {token}
Updated 8 months ago