Authentication
Authentication should be done with API clients, use the client_id/client_secret from the Checkout API client
to get an access token (see Get token endpoint). Read more about how to set
the basic auth Authorization header at wikipedia.
Request
In this example, the account id is T12345678 (T for test), replace with your own account id.
- Pseudo
- Curl
- Node
- Python
POST https://checkout.dintero.com/v1/accounts/T12345678/auth/token
Authorization: Basic base64(client_id:client_secret)
Content-Type: application/json
{
"grant_type": "client_credentials",
"audience": "https://api.dintero.com/v1/accounts/T12345678"
}
curl https://api.dintero.com/v1/accounts/T12345678/auth/token \
-u "CLIENT_ID:CLIENT_SECRET" \
-H'Content-Type: application/json' \
-d'{
"grant_type": "client_credentials",
"audience": "https://api.dintero.com/v1/accounts/T12345678"
}'
This example uses node-fetch, but is easily transferable to other client libraries like axios and undici.
import fetch from 'node-fetch';
async function fetchAccessToken(account_id, client_id, client_secret) {
const url = `https://api.dintero.com/v1/accounts/${account_id}/auth/token`;
const basicAuthString = Buffer.from(`${client_id}:${client_secret}`)
.toString('base64');
const response = await fetch(url, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
Authorization: 'Basic ' + basicAuthString
},
body: JSON.stringify({
grant_type: 'client_credentials',
audience: `https://api.dintero.com/v1/accounts/${account_id}`
})
});
if (response.status !== 200) {
throw new Error('Something');
}
const json = await response.json();
return json.access_token;
}
const accessToken = fetchAccessToken('T12345678', 'your_client_id', 'your_client_secret')
We also offer an SDK for Python at https://pypi.org/project/dintero.
import requests
import json
def fetch_access_token(account_id, client_id, client_secret):
url = f"https://api.dintero.com/v1/accounts/{account_id}/auth/token"
payload = {
"grant_type": "client_credentials",
"audience": f"https://api.dintero.com/v1/accounts/{account_id}",
}
response = requests.post(
url,
auth=requests.auth.HTTPBasicAuth(
client_id, client_secret
),
headers={
"Content-Type": "application/json",
},
data=json.dumps(payload),
)
assert response.status_code == 200
auth_token_response = response.json()
access_token = auth_token_response["access_token"]
return access_token
access_token = fetchAccessToken("T12345678", "your_client_id", "your_client_secret")
Account Ids
Your Dintero account ID consists of a prefixed character denoting the environment its for, followed by the a set of numbers. i.e. P12345678.
The different environments are: P = Production T = Test
Environments
The test environment is a sandbox environment where you can test your integration without any real money being involved. The production environment is the live environment where you can accept real payments and should be used when you are ready to go live.
We recommend that you use the test environment first when you are developing your integration and testing it.
When you are ready to go live, you can switch to the production environment by changing the prefix of your account ID from T to P.
Make sure create a new API client for the production environment and use the production client ID and secret when you send requests to the production environment. For more information on how to do this, see How to configure a Checkout API Client.
Response
{
"access_token": "eyJhbGci...t7P4",
"token_type": "Bearer",
"expires_in": 86400
}
Using the access token
Use access_token as Bearer Authorization when accessing the API, by setting the following header:
Authorization: Bearer {access_token}