Generate authCode via Online Banking Portal for BaaS

General information

Some terminology

Person - physical ConnectPay User.

Customer - entity that holds accounts. It can be either Personal or Corporate. A Person can belong to several Customers of any type.

BaaS Partner - Customer that has a BaaS contract and manages its Clients' data on their behalf.

BaaS Client - Customer that is controlled by BaaS Partner.

OAuth 2.0

ConnectPay APIs are secured using the OAuth 2.0 model, following the Authorization Code Grant flow. Your Customer's Account Representative (AR) will have to get a temporary authCode via the Online Banking portal and share it with the engineering team. Engineers will have to exchange this authCode for an Access Token via a secure server-to-server channel (and set up a procedure to maintain it).

To access your data via API, with each request you must present a valid Access Token which is associated with a Person and a Customer. Your data will not be accessible to other Customers.

E.g., you, as Person X, belong to Customer A and Customer B. You have an Access Token issued to Person X and Customer A. With this Token you will not be able to access Customer B's data.

Getting authCode

1.

To initiate authCode generation, log in to ConnectPay Online Banking, select the required Customer and navigate to Settings:

Open API tab:

2.

Press the + Generate AuthCode button to start a new API access flow.

Select Product. For accessing Online Banking APIs, choose Online Banking API. For accessing Merchant Gateway APIs, choose Merchant API.

Carefully read the Terms of Use. You have to accept them to access the APIs.

3.

Enter the API key (a.k.a. ClientId), which you can find in the DevApp list, next to the DevApp name.

Press Next.

4.

Note: The grant selection screen is only available for Online Banking APIs. For Merchant APIs, skip to step 5.

Select the required grants (OAuth 2.0 scopes):

Payments - grant that allows you to initiate payments and view payment statuses and details.

Pre-Authorized Payments - specific grant that allows you to authorize already initiated payments.

Accounts - grant that allows you to access your account details, like account or transaction lists.

Banking as a Service - grant that allows access to BaaS functionality: BaaS management APIs and Client data.

By utilizing Payments and Accounts grants, you can automate payment initiation and authorization as this flow does not require human intervention.

Press Next.

5.

To generate the authCode, you must authorize the procedure. Hence, you will be presented with an authorization option (via OTP or Mobile App).

6.

After successful authorization, you will be presented with authCode:

Share the code with the engineering team so they can exchange it for an Access Token.
The code will be valid for 24 hours.
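
The server-to-server exchange mentioned above, as an added example (not ConnectPay's own code): it builds a standard OAuth 2.0 authorization-code token request (RFC 6749 section 4.1.3) and refuses a code older than the 24-hour validity window. The token URL, the client secret sent via HTTP Basic authentication, and the function name are assumptions; take the real endpoint and parameters from ConnectPay's API documentation.

```python
import base64
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

# Assumption: placeholder endpoint, not ConnectPay's real token URL.
TOKEN_URL = "https://api.example.invalid/oauth2/token"
AUTH_CODE_LIFETIME = timedelta(hours=24)  # from the page: code is valid for 24 hours


def build_token_request(auth_code, issued_at, client_id, client_secret,
                        token_url=TOKEN_URL, now=None):
    """Build (but do not send) the request that exchanges auth_code for a token.

    issued_at must be a timezone-aware datetime recorded when the AR generated
    the code. Raises ValueError instead of sending a request that cannot succeed
    or that would leak credentials over a non-TLS channel.
    """
    now = now or datetime.now(timezone.utc)
    if now - issued_at >= AUTH_CODE_LIFETIME:
        raise ValueError("authCode expired; the AR must generate a new one")
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    if not auth_code or auth_code != auth_code.strip():
        raise ValueError("authCode is empty or has stray copy/paste whitespace")

    # RFC 6749 section 4.1.3 form body. redirect_uri is omitted on the
    # assumption that the portal flow did not use one.
    body = urllib.parse.urlencode(
        {"grant_type": "authorization_code", "code": auth_code}
    ).encode("ascii")
    # RFC 6749 section 2.3.1: client credentials go in the Authorization
    # header, never in the URL (URLs end up in proxy and access logs).
    quote = lambda s: urllib.parse.quote(s, safe="")
    creds = f"{quote(client_id)}:{quote(client_secret)}".encode("ascii")
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": "Basic " + base64.b64encode(creds).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    issued = datetime.now(timezone.utc) - timedelta(hours=2)
    req = build_token_request("sample-auth-code", issued, "sample-id", "sample-secret")
    print(req.get_method(), req.full_url)  # do not log the code or the secret
    # To send: urllib.request.urlopen(req, timeout=10)
```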
