Authentication
Prior to attempting to process a transaction the host website must complete authentication with the DNA platform. The authentication process is unique for each transaction and utilises the test account credentials which are supplied following the configuration of the merchant test account, namely;
- TerminalID
- ClientID
- ClientSecret
Authentication POST - Request
Authentication is completed via a POST request to the test URL shown below.
Security Risk
The “client_secret” must always be stored securely. Do not send authorisation requests from the front-end as the user could access the data via the web browser’s console.
The POST must contain the below form-data.
| Authentication Request | |||
|---|---|---|---|
| Field Name | State | Data Type | Description |
| grant_type | Mandatory | String | client_credentials |
| scope | Mandatory | String | payment_method_management |
| client_id | Mandatory | String | Provided to the integrator following the successful creation of a test account. |
| client_secret | Mandatory | String | Provided to the integrator following the successful creation of a test account. |
Authentication POST - Response
Following the receipt of a correctly formatted authorisation POST the DNA platform will respond with the below.
| Field Name | Data Type | Description | ||
|---|---|---|---|---|
| access_token | String | Access token provided by the DNA platform for this transaction. The token should be securely stored ready to be used in the transaction request. | ||
| expires_in | Integer | Number of seconds from generation until the access_token expires. If the token is not used before this time has passed a new token will need to be requested. | ||
| refresh_token | String | Reserved for future use. | ||
| scope | String | payment_method_management | ||
| token_type | String | Type of token issued
|
Example Request and Response
- Request
- Response
Example: Authentication Request (NodeJs)
var request = require("request");
var options = {
method: 'POST',
url: 'https://oauth.dnapayments.com/oauth2/token',
formData:
{
scope: 'payment_method_management',
client_id: 'ExampleShop',
client_secret: 'mFE454mEF6kmGb4CDDeN6DaCnmQPf4KLaF59GdqwP',
grant_type: 'client_credentials'
}
};
request(options, function (error, response, body)
{
if (error) throw new Error(error);
console.log(body);
});
Example: Authentication Response
{
"access_token": "D*OAeMXErWmCSWcZYsyJf0cRZlC5C$hCR2dEGJp7.2q1W*z_iSC9sa3JGLtAR3ZG",
"expires_in": 7200,
"refresh_token": "!NnycppKptqQE_w6!0oul!=bCEXlu=JX*7yW!h.xpuHJvs9ums9lPJ1FpUfmSfH7",
"scope": "payment_method_management",
"token_type": "Bearer"
}