# Making Your First API Call

GoDaddy Poynt APIs allow you to bring and merge essential information into your application. All Poynt APIs are secured with the OAuth 2.0 authentication and authorization framework.

Before you can make an API call on behalf of a merchant, there are a series of steps to keep in mind:

  1. You must generate a self-signed JWT using the public-private keypair for your cloud app obtained from the Poynt Developer Portal.

  2. Post the self-signed JWT to the Token API to obtain the GoDaddy Poynt-granted AccessToken, TokenType and RefreshToken.

  3. Obtain the Merchant Authorization to access their data and call GoDaddy Poynt APIs.

NOTE

The supported algorithms for generating the JWT are RS256, RS384, RS512, PS256, PS384 and PS512.

Below is a section from our Python Sample hosted on GitHub.


```python
import uuid
from datetime import datetime, timedelta

import jwt  # PyJWT
import requests


# Method of the sample's API client class.
def getAccessToken(self):
    poyntTokenUrl = self.apiHost + "/token"
    currentDatetime = datetime.utcnow()
    expiryDatetime = datetime.utcnow() + timedelta(seconds=300)
    # Claims for the self-signed JWT: valid for 300 seconds, unique jti per request.
    payload = {
        'exp': expiryDatetime,
        'iat': currentDatetime,
        'iss': self.applicationId,
        'sub': self.applicationId,
        'aud': 'https://services.poynt.net',
        'jti': str(uuid.uuid4())
    }
    # Sign the claims with the application's RSA private key.
    encodedJWT = jwt.encode(payload, self.rsaPrivateKey, algorithm='RS256')
    # Form fields for the jwt-bearer grant; the signed JWT goes in 'assertion'.
    payload = {'grantType':'urn:ietf:params:oauth:grant-type:jwt-bearer', 'assertion':encodedJWT}
    print("Obtaining AccessToken using self-signed JWT:")
    code, jsonObj = self._sendFormPostRequest(poyntTokenUrl, payload, {})
    if code == requests.codes.ok:
        self.accessToken = jsonObj['accessToken']
        self.tokenType = jsonObj['tokenType']
        self.refreshToken = jsonObj['refreshToken']
        return True
    else:
        print("*** FAILED TO OBTAIN ACCESS TOKEN ***")
        return False
```

This code will generate an HTTP POST API call to Token API to obtain an Access Token (JWT).
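A pre-flight check for the self-signed assertion, added here as an example and not taken from the Poynt sample: it decodes the header and claims with the standard library and reports an unsupported `alg`, a wrong `iss`/`sub`/`aud`, a missing `jti` or an over-long lifetime before the token is posted. The names `check_assertion` and `sample_token`, the 300-second cap (mirroring the sample's expiry) and the constructed inputs are assumptions; the signature itself is not verified.

```python
import base64
import json
import time

# Algorithms the page lists as supported for the self-signed JWT.
SUPPORTED_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
AUDIENCE = "https://services.poynt.net"  # 'aud' value used in the sample
MAX_LIFETIME = 300  # assumption: mirrors the sample's 300-second expiry

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_assertion(token, application_id, now=None):
    """Return problems found in header/claims; the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return ["not a signed compact JWT (expected 3 non-empty segments)"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not valid base64url JSON"]
    problems = []
    if header.get("alg") not in SUPPORTED_ALGS:
        problems.append("unsupported alg: %r" % header.get("alg"))
    if claims.get("iss") != application_id or claims.get("sub") != application_id:
        problems.append("iss and sub must both be the application id")
    if claims.get("aud") != AUDIENCE:
        problems.append("unexpected aud: %r" % claims.get("aud"))
    if not claims.get("jti"):
        problems.append("missing jti")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        problems.append("iat and exp must be numeric timestamps")
    elif exp <= now:
        problems.append("assertion already expired")
    elif exp - iat > MAX_LIFETIME:
        problems.append("lifetime exceeds %d seconds" % MAX_LIFETIME)
    return problems

def sample_token(claims, alg="RS256"):
    """Build a CONSTRUCTED token with a placeholder signature for the check."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])
```

Pass the token returned by `jwt.encode` (decoded to `str` if your library returns bytes) and your application ID; an empty list means the header and claims match what the sample sends.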

Below is a sample raw HTTP request. Please note that your self-signed JWT must be passed as the assertion parameter:


```http
POST https://services.poynt.net/token
api-version: 1.2
Content-Type: application/x-www-form-urlencoded
Content-Length: 749
Poynt-Request-Id: 54d6c99a-7520-46dc-814d-1793c086bc5c

grantType=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI...
```

  1. Retrieve the access and refresh tokens from Poynt's `/token` API response.

Sample response:

```json
{
    "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJleHA...",
    "expiresIn": 86400,
    "refreshToken": "1:1:1:1:+XSWRztWqmZP7AC55IK...",
    "scope": "ALL",
    "tokenType": "BEARER"
}
```

At this point, you can make any Poynt API calls by passing the access token as part of the authorization header.

```http
GET https://services.poynt.net/businesses/411c9612-2079-45ba-9a9d-a7b36140b0f1/catalogs
api-version: 1.2
Authorization: BEARER eyJhbGciOiJSUzI1NiJ9.eyJl...
```

TIP

Note that the Authorization header consists of the token type BEARER and the actual token value.

A functional Python Sample has been provided on GitHub as a reference. Make sure to check it out as it will help you understand API calls and their behavior.

You can also refer to the Poynt API Reference for more information about the available API resources.

Last Updated: 6/13/2023, 12:04:00 PM