
Client Authentication


How to authenticate your app against the Tenn.Pay platform using OIDC and call the API.

1. Configure your OIDC client

Use any compliant OIDC library (e.g. oidc-client / oidc-client-ts on web, AppAuth on mobile). Flow: Authorization Code + PKCE.

| Setting | Value |
| --- | --- |
| Authority / Issuer | https://api.10npay.com (provided per environment) |
| Client ID | ClientName_Oidc |
| Response type | code |
| Redirect URI | <https://<your-app>>/auth-result |
| Post-logout redirect URI | <https://<your-app>>/Logout |
| Silent renew URI | <https://<your-app>>/silentRenew |
| Scopes | openid profile IdentityServerApi offline_access tenant TokenserverAPI.read TokenserverAPI.write Tenn.CRM Tenn.Messaging Tenn.Issuing Tenn.RiskService Tenn.Payment Tenn.FastPay |

Standard discovery endpoints (under the issuer):

  • /connect/authorize

  • /connect/token

  • /connect/userinfo

  • /connect/endsession

  • /connect/revocation

2. Get an access token

  1. Trigger signinRedirect() — the user is bounced to the auth server, signs in, and is redirected back to your redirect_uri with a code.

  2. On the callback page, call signinRedirectCallback() to exchange the code for tokens.

  3. Read user.access_token (JWT) from the returned user object.

3. Call the API

Attach the access token to every request:

Authorization: Bearer <access_token>

That is the only auth requirement. The user identity is taken from the token — you do not need to pass any user ID or individual ID alongside it.