Authentication Without Email / Password
Client Id and Client Secret are available over the merchant portal in the Settings menu.
Encryption of the body payload is as follows:-
If we provide the clientSecret as string it will not use it as a key but a passphrase to derive the key value using a KDF. The default KDF for this library is similar to the open SSL EVP function. (for reference: https://www.openssl.org/docs/manmaster/man3/EVP_BytesToKey.html) This function generates the actual AES keys using MD5 hashing and uses 1 iteration.
Used for generating access and refresh token
POST
api/auth/generate-auth-token'
This API is used for generating access and refresh tokens without using merchant email and password. It required body to be encrypted using AES.
Request Body
Name | Type | Description |
---|---|---|
clientId* | String | Client Id can be accessed in Settings menu |
encryptedPayload* | String | AES encrypted (using client secret) payload containing merchant Id and totp |
Last updated