# Getting an Access Token

As a first step in getting an access token, you will need to obtain the {SELF_SIGNED_JWT}, which is signed with your app's private key. The payload for the JWT should contain the following parameters:

    {
        "exp": 1585694203,
        "iat": 1585691303,
        "iss": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
        "sub": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
        "aud": "https://services.poynt.net",
        "jti": "f3d223e7-0783-4889-822a-b1df827352c6"
    }

# Claims explained:

  • exp: Expiry time for the self-generated JWT
  • iat: Time the JWT is issued/created
  • iss: Issuer of the JWT (your appId)
  • sub: Subject of the JWT (your appId)
  • aud: Audience the JWT is intended for ("https://services.poynt.net" or "https://services-eu.poynt.net" for EU)
  • jti: Unique identifier for the JWT

TIP

The payload shown in the JSON code snippet needs to be signed with your application's private key using one of the supported algorithms such as RS256, RS384, PS256, PS384 or PS512.

# Access Token Request

Use the self-signed JWT to perform a request for the Access Token. To do this, you must make an HTTP POST request from your server to https://services.poynt.net/token and include the following headers and arguments:

Headers:

  • Accept: application/json
  • api-version: 1.2
  • Content-Type: application/x-www-form-urlencoded

Body:

  • grantType: urn:ietf:params:oauth:grant-type:jwt-bearer
  • assertion: {SELF_SIGNED_JWT}

Curl Request Example

    curl -XPOST 'https://services.poynt.net/token' \
    -H "Accept: application/json" \
    -H "api-version: 1.2" \
    -d "grantType=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={SELF_SIGNED_JWT}"

# Example response:

    {
        "expiresIn": 86400,
        "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJwb3ludC51aWQiOjE1MjYzNzgsInN1YiI6InVy...",
        "refreshToken": "1:1:1:2:emjXrINpTMI7aLvMZfdPHEH/OTtSZlI+BqfmBi+iJ0aRS40BJrYWvqU04I...",
        "scope": "ALL",
        "tokenType": "BEARER"
    }

The accessToken is an encoded JWT (https://jwt.io) containing the following claims:

    {
        "aud": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
        "sub": "urn:aid:43d223e7-0783-4889-822a-b1df827352c2",
        "poynt.aur": "co.poynt.posapp",
        "poynt.sct": "J",
        "poynt.org": "69f1712e-e8f1-4c44-9ec8-6f15a5beecb1",
        "iss": "https://services.poynt.net",
        "poynt.kid": 13316956343565198000,
        "poynt.aty": "S",
        "exp": 1585717703,
        "iat": 1585591303,
        "jti": "68c64659-dcba-44f7-8515-33117294411e"
    }
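
An added example, not part of the original documentation: shell functions that build the payload described above, sign it with RS256 using `openssl`, check the signature locally, and submit the assertion as in the curl request. The function names, the 300-second default lifetime and the key file arguments are assumptions.

```shell
# Added example (not from the Poynt docs): build and RS256-sign the self-signed JWT.
# Assumptions: openssl is installed; app id and audience contain no JSON metacharacters.

b64url() {  # base64url without padding, the encoding JWT segments use
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

new_jti() {  # 128 random bits formatted like the UUID in the payload above
  openssl rand -hex 16 |
    sed 's/^\(.\{8\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.\{12\}\)$/\1-\2-\3-\4-\5/'
}

# make_jwt APP_ID PRIVATE_KEY_PEM [AUDIENCE] [LIFETIME_SECONDS]
make_jwt() (  # body runs in a subshell so its variables stay private
  app_id=$1; key=$2; aud=${3:-https://services.poynt.net}; ttl=${4:-300}
  now=$(date +%s)
  header='{"alg":"RS256","typ":"JWT"}'
  claims=$(printf '{"exp":%d,"iat":%d,"iss":"urn:aid:%s","sub":"urn:aid:%s","aud":"%s","jti":"%s"}' \
    "$((now + ttl))" "$now" "$app_id" "$app_id" "$aud" "$(new_jti)")
  input="$(printf '%s' "$header" | b64url).$(printf '%s' "$claims" | b64url)"
  sig=$(printf '%s' "$input" | openssl dgst -sha256 -sign "$key" -binary 2>/dev/null | b64url)
  [ -n "$sig" ] || exit 1   # signing failed (missing or unreadable key)
  printf '%s.%s\n' "$input" "$sig"
)

# verify_jwt JWT PUBLIC_KEY_PEM: local check that the signature matches the key
verify_jwt() (
  input=${1%.*}; sig=$(printf '%s' "${1##*.}" | tr '_-' '/+')
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac  # restore padding
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  printf '%s' "$sig" | openssl base64 -d -A > "$tmp"
  printf '%s' "$input" | openssl dgst -sha256 -verify "$2" -signature "$tmp" >/dev/null 2>&1
)

# request_token JWT: the jwt-bearer exchange from the curl example above
request_token() {
  curl -sS -XPOST 'https://services.poynt.net/token' \
    -H 'Accept: application/json' -H 'api-version: 1.2' \
    --data-urlencode 'grantType=urn:ietf:params:oauth:grant-type:jwt-bearer' \
    --data-urlencode "assertion=$1"
}
```

Typical use is `request_token "$(make_jwt "$APP_ID" /path/to/private_key.pem)"`; pass the EU audience as the third argument to `make_jwt` when it applies. Keep the private key file readable only by the account that signs.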

# Merchant Access Token

The following steps explain how to get the access token for the merchant after OAuth.

NOTE

These steps should be followed only for the specific cases that require a Merchant Access Token.

It's important to highlight that you must generate the Self-signed JWT as described in the first steps of this page.

From your server, make an HTTP POST request to https://services.poynt.net/token and include the following headers and arguments:

Headers:

  • Content-Type: application/x-www-form-urlencoded
  • api-version: 1.2
  • Authorization: Bearer {self-signed-jwt}

Body:

  • grant_type=authorization_code
  • redirect_uri={redirect_uri}
  • client_id={appId}
  • code={code}

Curl Request Example

    curl -XPOST 'https://services.poynt.net/token' \
    -H "Accept: application/json" \
    -H "Authorization: Bearer {self-signed-jwt}" \
    -d 'grant_type=authorization_code&code={CODE}&client_id={APP_ID}&redirect_uri={OAUTH_CALLBACK_URL}'

# Example response:

    {
        "expiresIn": 86400,
        "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJwb3ludC51aWQiOjE1MjYzNzgsInN1YiI6InVy...",
        "refreshToken": "1:1:1:2:emjXrINpTMI7aLvMZfdPHEH/OTtSZlI+BqfmBi+iJ0aRS40BJrYWvqU04I...",
        "scope": "ALL",
        "tokenType": "BEARER"
    }

The access token includes the following claims:

    {
        "poynt.uid": 1526378,
        "sub": "{YOUR_APP_ID}",
        "aud": "{YOUR_APP_ID}",
        "poynt.aur": "{APP_PACKAGE_NAME}",
        "poynt.sct": "J",
        "poynt.biz": "{MERCHANT_BUSINESS_ID}",
        "poynt.org": "69f1712e-e8f1-4c44-9ec8-6f15a5beecb1",
        "iss": "https://services.poynt.net",
        "poynt.kid": 6957716317166682000,
        "exp": 1463519061,
        "iat": 1463432661,
        "jti": "c374c9f8-87bd-4705-b3d0-e6d078fd17af"
    }

# Refresh Token

As you may have noticed, the current access and merchant tokens have a duration of 24 hours before they become obsolete. For this reason, we have designed a Refresh Token that allows you to regenerate your Access and Merchant Tokens.

Headers:

  • Content-Type: application/x-www-form-urlencoded
  • api-version: 1.2

Body:

  • grantType: REFRESH_TOKEN
  • refreshToken: {refresh_token}

TIP

The {refresh_token} should come from the Access Token section.

Curl Request Example

    curl -XPOST 'https://services.poynt.net/token' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -H 'Poynt-Request-Id: {{guid}}' \
    -H 'api-version: 1.2' \
    -d 'grantType=REFRESH_TOKEN' \
    -d 'refreshToken={refresh_token}'

Sample Response

    {
        "expiresIn": 86400,
        "accessToken": "{access_token}",
        "refreshToken": "{refresh_token}",
        "scope": "ALL",
        "tokenType": "BEARER"
    }

Last Updated: 4/2/2024, 6:17:20 AM