To use the Payment API, you need a bearer access token. Your bearer access token authenticates your request to the API. The API will check that you are authorized to make requests.
Getting a bearer access token
Use Vonage Contact Center’s (VCC) Authentication API to get your bearer access token. For information about using the API to get a bearer access token, see Getting your bearer access token.
When requesting your bearer access token, use globalpci
as the value for scope.
Token expiration
Your bearer access token is only valid for use for one hour after being issued. After this time, the token expires and you must request a new token.
Using a bearer access token
When you have got your bearer access token, you must use the token to authenticate every request you make to the Payment API. For information about using the bearer access token, see Using your bearer access token.
Required fields
- Headers: All API to requests must have the
"Authorization: Bearer {access_token}"
header with an access token obtained with OAuth protocol from VCC’s identity server. - Required scope:
globalpci
Supported OAuth flows
VCC allows different methods of authentication (OAuth flows). The type of authentication flow depends on the type of client application you are integrating with the Payment API:
Client application executing on a server (for example, an agent’s backend system or order management system):
- Authorization Code Grant (preferred when the client is capable to support it)
- Client Credentials
- Password Credentials
Client application executing on a browser:
- Implicit Grant
Authorization example (Client Credentials flow)
Sample HTTP request to obtain an access token:
The URL for obtaining an authorization token depends on the region of your VCC account. The following example uses the URL for the North American (nam) region.
curl -X POST \
-d "grant_type=client_credentials&scope=globalpci&client_id={client id}&client_secret={client secret}" \
https://nam.newvoicemedia.com/auth/connect/token
Request Parameters:
client_id
A unique client ID. Vonage provides this ID.client_secret
The secret specific to theclient_id
. Vonage provides this secret securely.grant_type
Useclient_credentials
.scope
Must beglobalpci
.
Alternatively, you can pass the client ID and client secret as a request header. You must supply them as Base64-encoded {client_id}:{client_secret}
. The request header would be: authorization: Basic {base64-encoded-client-id-and-secret}}
Response:
{"access_token":"eyJ0eXAi....ZiWjw","expires_in":3600,"token_type":"Bearer"}
Response Fields:
access_token
The access token. You can reuse the token multiple times until it expires.expires_in
The token expiry time.