Use the /Authorize
endpoint to authorize and initiate a new session in the FlinksPay application.
Authorizing and generating an access token
In order to generate FlinksPay sessions and request an application link, you must first authorize with Flinks.
This API is used to verify that it is indeed your server that is creating a session, and to grant credentials that can be utilized in following API calls.
The Username and Password that will be utilized in the authentication process will be provided securely during onboarding. If you believe that these credentials have been compromised please reach out to the Flinks team to dispose of the old credentials and generate new ones for your calls.
In order to successfully initiate the process, you will need to use the Username/Password supplied during onboarding for authentication, and supply the following parameter within your request body to /Authorize.
{
"grant_type": "client_credentials"
}
When Flinks validates that the credentials provided belong to the instance and that no errors occurred, /Authorize will respond with a HTTPS 200 Status Code and the following response body.
{
"access_token": "84002b62-a47e-45a6-97dd-306a8f9721d7",
"token_type": "bearer",
"expires_in": 299
}
Once this step has been reached, it means that you have successfully authenticated with Flinks, and you can proceed. The received access_token
can now be utilized to call the /Initiate
API to generate a session and FlinksPay URI.
Please note that authorizations are time-limited as reflected in the expires_in
field. This integer field indicates how long the access_token
is valid for in seconds. By default, an access_token
is valid for 299 seconds (5 minutes). If you do not make any additional calls (to create a session) in that timeframe, authorization will timeout and you will need to re-authorize to create a session.
Important Note on Authorization
You must call
/Authorize
before generating any new session and using the correspondingaccess_token
. Tokens can only be used to initiate a single session, for any subsequent sessions a new token must be generated.