AccessToken is a resource that authorizes access to specific client data, such as their credit card information. To consume the methods of the Protected Card API, it is necessary to obtain the access_token in the OAuth 2.0 standard:
| Environment | URL + Endpoint | Authorization |
|---|---|---|
| SANDBOX | https://authsandbox.braspag.com.br/oauth2/token | "Basic {base64}" |
| PRODUCTION | https://auth.braspag.com.br/oauth2/token | "Basic {base64}" |
- Concatenate
ClientIdandClientSecret(ClientId:ClientSecret). - Encode the concatenation result in base64, creating a string.
- Send a request to the authorization server using the alphanumeric code created (string) - see example below.
Request the support team to create the
ClientIdandClientSecretfor your store to use in both SANDBOX and PRODUCTION environments.
Request
POST oauth2/token
--request POST "https://authsandbox.braspag.com.br/oauth2/token"
--header "Authorization: Basic _(Authorization)_"
--header "Content-Type: application/x-www-form-urlencoded"
--body "grant_type=client_credentials"
| Parameters | Description |
|---|---|
Authorization | Basic (Authorization) |
Content-Type | application/x-www-form-urlencoded |
grant_type | client_credentials |
Response
{
"access_token": "faSYkjfiod8ddJxFTU3vti_ ... _xD0i0jqcw",
"token_type": "bearer",
"expires_in": 599
}
| Response | Description |
|---|---|
access_token | The requested access token. The application can use this token to authenticate with the protected resource. |
token_type | Indicates the value of the token type. |
expires_in | Access token expiration, in seconds After the token expires, you need to generate a new token. |