Prior to attempting to process a transaction the host website must complete authentication with the DNA platform. The authentication process is unique for each transaction and utilises the test account credentials which are supplied following the configuration of the merchant test account, namely;

  • TerminalID
  • ClientID
  • ClientSecret

Authentication POST - Request

Authentication is completed via a POST request to the test URL shown below.

Security Risk

The “client_secret” must always be stored securely. Do not send authorisation requests from the front-end as the user could access the data via the web browser’s console.

The POST must contain the below form-data.

Authentication Request
Field NameStateData TypeDescription
client_idMandatoryStringProvided to the integrator following the successful creation of a test account.
client_secretMandatoryStringProvided to the integrator following the successful creation of a test account.

Authentication POST - Response

Following the receipt of a correctly formatted authorisation POST the DNA platform will respond with the below.

Field NameData TypeDescription
access_tokenStringAccess token provided by the DNA platform for this transaction. The token should be securely stored ready to be used in the transaction request.
expires_inIntegerNumber of seconds from generation until the access_token expires. If the token is not used before this time has passed a new token will need to be requested.
refresh_tokenStringReserved for future use.
token_typeStringType of token issued
BearerBearer token

Example Request and Response

Example: Authentication Request (NodeJs)
var request = require("request");
var options = {
method: 'POST',
url: '',
scope: 'payment_method_management',
client_id: 'ExampleShop',
client_secret: 'mFE454mEF6kmGb4CDDeN6DaCnmQPf4KLaF59GdqwP',
grant_type: 'client_credentials'
request(options, function (error, response, body)
if (error) throw new Error(error);