Prior to attempting to process a transaction the host website must complete authentication with the DNA platform. The authentication process is unique for each transaction and utilises the test account credentials which are supplied following the configuration of the merchant test account, namely;
POST - Request
Authentication is completed via a
POST request to the test URL shown below.
The “client_secret” must always be stored securely. Do not send authorisation requests from the front-end as the user could access the data via the web browser’s console.
POST must contain the below data.
|Field Name||State||Data Type||Description|
|grant_type||Mandatory||String||Authorisation type required to confirm the action required.|
|scope||Mandatory||String||Confirm scope of the action to be performed with credentials.|
|client_id||Mandatory||String||Provided to the integrator following the successful creation of a test account.|
|client_secret||Mandatory||String||Provided to the integrator following the successful creation of a test account.|
|invoiceId||Mandatory||String||Order/invoice/transaction/basket number generated by the host website. This ID must be unique for this transaction.|
|amount||Mandatory||Decimal||Total amount of the order including decimal places where applicable. ‘Whole’ amounts (e.g. “1”) on a GBP account will be processed as £1.00.|
|currency||Mandatory||String||Currency of the transaction.|
|terminal||Mandatory||String||Provided to the integrator following the successful creation of a test account.|
If using Apple Pay in a Lightbox, you will need to register the URL of your website with us. Apple Pay requires all websites to be whitelisted and the Lightbox prevents our own whitelisting from being considered. See xxxxxxxxx for more information.
POST - Response
Following the receipt of a correctly formatted authorisation POST the DNA platform will respond with the below.
|Field Name||Data Type||Description|
|access_token||String||Access token provided by the DNA platform for this transaction. The token should be securely stored ready to be used in the transaction request.|
|expires_in||Integer||Number of seconds from generation until the access_token expires. If the token is not used before this time has passed a new token will need to be requested.|
|refresh_token||String||Reserved for future use.|
|scope||String||Confirmation of the scope(s) passed in the authorisation request.|
|token_type||String||Type of token issued|
Example Request and Response
The Response you receive is passed in almost verbatim, later in the Apple Pay Direct process.