Login flow


User access token

The user access token is needed for any API call that is specific to a single user or subscription. For example, if you want to get the subscription status of a single user, you will need a user access token. If you want to cancel the user's subscription, you will need a user access token as well. A user access token can be obtained as follows:

Validation period

The generated user access token is valid for 12 hours, so there is no need to generate a new one every time for the same user. The merchant is expected to use the same user token for the whole duration of its validity.

Step 1: Authorization

The authorization process, also known as the login process, is started by sending an authorize request to the gateway service with the ‘client_id’ parameter and, additionally, the ‘redirect’, ‘scope’ and ‘response_type’ parameters. Note: This function can only be used if the operator supports the login flow. If not, the user must go through the subscription flow again, and we will return the authorization code at the end.

CURL example

curl --location --request GET 'https://gateway.mondiapay.com/v1/api/oauth/authorize?response_type=code&client_id=12345&redirect_uri=http://google.com' --header 'accept: */*'

Response Example

{
  "url after redirection": "www.mondia.com?code=A12345"
}

Step 2: User access token from authorization code

Once there is an authorization code, which is usually available as a query parameter after the purchase flow is completed, use the following operation to get the user access token. This operation is a server-to-server API call; the client is expected to call it from their backend.

CURL example

curl --location --request POST 'https://gateway.mondiapay.com/v1/api/oauth/token?grant_type=authorization_code&client_id=12345&client_secret=12345&code=A12345&redirect_uri=https://www.google.com' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/x-www-form-urlencoded'

Response Example

{
  "access_token": "U12345",
  "token_type": "bearer",
  "expires_in": "43200",
  "refresh_token": "R12345"
}

Another option: User access token from refresh token

Once a refresh token is available, use the following operation to refresh an expired user access token. As long as the corresponding refresh token, obtained in the step above, is available, this operation will generate a new user access token.

CURL example

curl -X POST "https://staging-gateway.mondiapay.com/v1/api/oauth/token"

curl -X POST "https://gateway.mondiapay.com/v1/api/oauth/token" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=refresh_token&client_id=12345&client_secret=12345&refresh_token=R12345"

Response Example

{
  "access_token": "U12345",
  "token_type": "bearer",
  "expires_in": "43200",
  "refresh_token": "R12345"
}
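
The token handling described above (reuse the user access token for its 12-hour validity, then fall back to the refresh token) can be wrapped in a small backend helper. This is an added example, not code from the gateway's documentation. Assumptions: the UserTokenCache class, its method names, the 60-second skew and the in-memory store are hypothetical, and the authorization-code grant is sent in the form body (as the refresh curl does with -d) instead of the query string, which keeps client_secret out of URLs that proxies and access logs record.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://gateway.mondiapay.com/v1/api/oauth/token"  # from the curl examples

def post_form(url, fields):
    """POST fields as a form-encoded body (keeps client_secret out of the URL)."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class UserTokenCache:
    """Hypothetical helper: reuse each user's token until expiry, then refresh it."""

    def __init__(self, client_id, client_secret, send=post_form, clock=time.time, skew=60):
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.send, self.clock, self.skew = send, clock, skew
        self._tokens = {}  # user key -> (access_token, refresh_token, expires_at)

    def _store(self, user, resp, old_refresh=None):
        # expires_in is 43200 s (12 h) in the response examples; expire `skew` s early.
        expires_at = self.clock() + int(resp["expires_in"]) - self.skew
        refresh = resp.get("refresh_token") or old_refresh
        self._tokens[user] = (resp["access_token"], refresh, expires_at)
        return resp["access_token"]

    def login(self, user, code, redirect_uri):
        """Step 2: exchange the authorization code for a user access token."""
        fields = {"grant_type": "authorization_code", "code": code,
                  "redirect_uri": redirect_uri, **self.creds}
        return self._store(user, self.send(TOKEN_URL, fields))

    def token_for(self, user):
        """Return the cached token; call the gateway only once it has expired."""
        access, refresh, expires_at = self._tokens[user]
        if self.clock() < expires_at:
            return access
        fields = {"grant_type": "refresh_token", "refresh_token": refresh, **self.creds}
        return self._store(user, self.send(TOKEN_URL, fields), old_refresh=refresh)
```

Call login() once per authorization code from the backend, and token_for() before each user-specific API call.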