Authentication
Prior to attempting to process a transaction the host website must complete authentication with the DNA platform. The authentication process is unique for each transaction and utilises the test account credentials which are supplied following the configuration of the merchant test account, namely;
- TerminalID
- ClientID
- ClientSecret
Authentication POST
- Request
Authentication is completed via a POST
request to the test URL shown below.
The “client_secret” must always be stored securely. Do not send authorisation requests from the front-end as the user could access the data via the web browser’s console.
The POST
must contain the below data.
Authentication Request | |||||
---|---|---|---|---|---|
Field Name | State | Data Type | Description | ||
grant_type | Mandatory | String | Authorisation type required to confirm the action required.
| ||
scope | Mandatory | String | Confirm scope of the action to be performed with credentials.
| ||
client_id | Mandatory | String | Provided to the integrator following the successful creation of a test account. | ||
client_secret | Mandatory | String | Provided to the integrator following the successful creation of a test account. | ||
invoiceId | Mandatory | String | Order/invoice/transaction/basket number generated by the host website. This ID must be unique for this transaction. | ||
amount | Mandatory | Decimal | Total amount of the order including decimal places where applicable. ‘Whole’ amounts (e.g. “1”) on a GBP account will be processed as £1.00. | ||
currency | Mandatory | String | Currency of the transaction.
| ||
terminal | Mandatory | String | Provided to the integrator following the successful creation of a test account. |
Authentication POST
- Response
Following the receipt of a correctly formatted authorisation POST the DNA platform will respond with the below.
Field Name | Data Type | Description | ||
---|---|---|---|---|
access_token | String | Access token provided by the DNA platform for this transaction. The token should be securely stored ready to be used in the transaction request. | ||
expires_in | Integer | Number of seconds from generation until the access_token expires. If the token is not used before this time has passed a new token will need to be requested. | ||
refresh_token | String | Reserved for future use. | ||
scope | String | Confirmation of the scope(s) passed in the authorisation request. | ||
token_type | String | Type of token issued
|
Example Request and Response
- Request
- Response
var request = require("request");
var options = {
method: 'POST',
url: 'https://oauth.dnapayments.com/oauth2/token',
formData:
{
scope: 'payment integration_hosted',
client_id: 'ExampleShop',
client_secret: 'mFE454mEF6kmGb4CDDeN6DaCnmQPf4KLaF59GdqwP',
grant_type: 'client_credentials',
invoiceId: '1234567',
amount: '1',
currency: 'GBP',
terminal: 'b95c9d1f-132f-4e04-92d2-32335c7486ea'
}
};
request(options, function (error, response, body)
{
if (error) throw new Error(error);
console.log(body);
});
{
"access_token":"qy/ZWj049WHUZj+8i1pUwmYxswo4GXK+Z5",
"expires_in": 7200,
"refresh_token":"",
"scope":"payment integration_hosted",
"token_type":"Bearer"
}
The Response you receive is passed in almost verbatim, later in the Google Pay Direct process.