Merchant Authentication

Overview #

This API endpoint is used for obtaining an access token via the OAuth 2.0 protocol using the Resource Owner Password Credentials Grant type. The endpoint requires Basic Authentication and accepts parameters in the x-www-form-urlencoded format.

Endpoint #


Method: POST

Authentication #

Type: Basic Authentication

  • Username: TennTesting

  • Password: 43579AF6F9BF4E259BD58F3DA730A717

Headers #

  • Content-Type: application/x-www-form-urlencoded

  • Authorization: Basic base64(username:password)

Parameters #

The following parameters must be sent in the body of the request using the x-www-form-urlencoded format:






The client ID for authentication.



The grant type. For this API, it should be password.



The username of the user.



The password of the user.

Sample Request #

Here is a sample curl command to request a token:

curl --location '' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic VGVubkVzdGluZzo0MzU3OUFGNkY5QkY0RTI1OUJENThGM0RBNzMwQTcxNw==' \ --data-urlencode 'client_id=TennTesting' \ --data-urlencode 'grant_type=password' \ --data-urlencode '' \ --data-urlencode 'password=Ttest@2S'

Response #

The API returns a JSON object containing the access token and associated scopes. Below is an example of a successful response:

	"access_token": "{Token}",
	"scope": "email IdentityServerApi offline_access openid phone platform profile roles tenant Tenn.Administrative Tenn.Audit Tenn.CRM Tenn.Discuss Tenn.Entitlement Tenn.FileStorage Tenn.MS Tenn.Payment Tenn.Recipient Tenn.Reporting Tenn.RiskService Tenn.Subscription TokenserverAPI.write two_factor_enabled user_relation"

Response Fields #
  • access_token: The token that can be used to authenticate subsequent API requests.

  • scope: The scopes granted to the access token.

Error Handling #

In case of an error, the API will return an appropriate HTTP status code along with a JSON object containing error details.

Example of an Error Response #

	"error": "invalid_grant",
	"error_description": "The user name or password is incorrect."

Notes #

  • Ensure that the Authorization header is correctly base64 encoded.

  • The grant_type parameter must always be set to password for this endpoint.

  • The response token should be securely stored and used for authenticating other API requests.

Snippet #

API Properties
Header parameters
Result of the call

Powered by BetterDocs