Getting access token

The Braspag Antifraude Gateway API uses the OAuth 2.0 market standard protocol to authorize access to its specific resources by environments, Sandbox and Production.

How to get the access token

During onboarding, you will receive the ClientId and ClientSecret credentials. If you have not received the credential, request it from Braspag Support

1. Concatenate the credentials in the format ClientId:ClientSecret;
2. Convert the result to base 64, generating a string;

Example:

• client_id: braspagtestes
• client_secret: 1q2w3e4r5t6y7u8i9o0p0q9w8e7r6t5y4u3i2o1p
• String to be encoded in Base64: braspagtestes:1q2w3e4r5t6y7u8i9o0p0q9w8e7r6t5y4u3i2o1p
• Result after encoding: YnJhc3BhZ3Rlc3RlczoxcTJ3M2U0cjV0Nnk3dThpOW8wcDBxOXc4ZTdyNnQ1eTR1M2kybzFw

3. Send the string in base 64 in the Authentication request (POST);
4. The Authentication API will validate the string and return the access_token.

The returned token (access_token) must be used in every request to the Antifraud Gateway API as an authorization key. The access_token is valid for 20 minutes and a new one must be generated every time the validity expires.

See the image for the authentication scheme and sending of the access_token in the fraud analysis request.