Authentication

Prior to attempting to process a transaction the host website must complete authentication with the DNA platform. The authentication process is unique for each transaction and utilises the test account credentials which are supplied following the configuration of the merchant test account, namely;

  • TerminalID
  • ClientID
  • ClientSecret

Authentication POST - Request

Authentication is completed via a POST request to the test URL shown below.

Security Risk

The “client_secret” must always be stored securely. Do not send authorisation requests from the front-end as the user could access the data via the web browser’s console.

The POST must contain the below data.

Authentication Request
Field NameStateData TypeDescription
grant_typeMandatoryStringAuthorisation type required to confirm the action required.
  • client_credentials Obtain credentials required to process a transaction.
scopeMandatoryStringConfirm scope of the action to be performed with credentials.
  • payment integration_hosted Full re-direct.
  • payment integration_embedded JavaScript Lightbox - content delivered via iFrame.
  • payment integration_seamless JavaScript Lightbox - content hosted on merchant site.
  • webapi Transaction management.
payment integration_seamless must be used if you are using our Hosted Fields solution.
client_idMandatoryStringProvided to the integrator following the successful creation of a test account.
client_secretMandatoryStringProvided to the integrator following the successful creation of a test account.
invoiceIdMandatoryStringOrder/invoice/transaction/basket number generated by the host website. This ID must be unique for this transaction.
amountMandatoryDecimalTotal amount of the order including decimal places where applicable. ‘Whole’ amounts (e.g. “1”) on a GBP account will be processed as £1.00.
currencyMandatoryStringCurrency of the transaction.
GBPPound Sterling
terminalMandatoryStringProvided to the integrator following the successful creation of a test account.
Security Risk

payment integration_embedded and payment integration_seamless are not enabled by default as they require you to handle raw card data, which carries significant risk. Please contact us if you wish to have either enabled.

Authentication POST - Response

Following the receipt of a correctly formatted authorisation POST the DNA platform will respond with the below.

Field NameData TypeDescription
access_tokenStringAccess token provided by the DNA platform for this transaction. The token should be securely stored ready to be used in the transaction request.
expires_inIntegerNumber of seconds from generation until the access_token expires. If the token is not used before this time has passed a new token will need to be requested.
refresh_tokenStringReserved for future use.
scopeStringConfirmation of the scope(s) passed in the authorisation request.
token_typeStringType of token issued
BearerBearer token

Example Request and Response

Example: Authentication Request (NodeJs)
var request = require("request");
var options = {
method: 'POST',
url: 'https://oauth.dnapayments.com/oauth2/token',
formData:
{
scope: 'payment integration_hosted',
client_id: 'ExampleShop',
client_secret: 'mFE454mEF6kmGb4CDDeN6DaCnmQPf4KLaF59GdqwP',
grant_type: 'client_credentials',
invoiceId: '1234567',
amount: '1',
currency: 'GBP',
terminal: 'b95c9d1f-132f-4e04-92d2-32335c7486ea'
}
};
request(options, function (error, response, body)
{
if (error) throw new Error(error);
console.log(body);
});

The Response you receive is passed in almost verbatim, later in the Apple Pay Direct process.