OAuth Token Generation
In order to initiate API requests on behalf of your merchants, you will first need to retrieve OAuth tokens. The process is illustrated below:
The Nuapay Customer Support team will issue an API Key to you upon request.
The OAuth token retrieved from the /tokens endpoint allows you to then generate API requests on behalf of a specific merchant/organisation.
When generating an API request, provide the retrieved token as the authentication username in all your API requests. A password is not required; however, the request must be made from an allowed IP address.
API authentication header format: Authorization: Bearer <OAuth Token>
API Details - GET /organisations
When working with our APIs, please use the Sandbox URI when testing and the Live URI when you move to Production.
LIVE: https://api.nuapay.com
SANDBOX: https://sandbox.nuapay.com/
If you haven't done so already and would like to do some testing, please Request Sandbox Access.
Important: Endpoints and Webhooks may be extended from time to time and any changes we make will follow our Versioning and Backward Compatibility rules. This means that the code that you write today must be designed to be robust enough to handle any future changes (where a new object is added to (or removed from) a specific API response, for example).
Use the /organisations endpoint to retrieve the organisations linked to your partner entity:
Scopes and Time To Live (TTL)
Before generating an OAuth token for a specific organisation you will need to specify the scopes required and the token’s TTL.
At least one scope must be included in your request.
The default TTL is 10 seconds, but long-lived tokens may also be created by configuring the expiresIn value in the request body.
API Details - POST /tokens
The /organisations/{encodedOrganisationId}/tokens endpoint takes an encoded organisation ID (returned from the /organisations endpoint) and returns an OAuth token.
As outlined above, specify the scopes (required) and Time To Live - expiresIn (optional) in the request.
Specify admin as the required scope when working with E-Mandates.
Once you have retrieved the token for the required merchant, use it in the HTTP Authorization Header of the API requests you generate.
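With a 10-second default TTL, a client has to track each token's expiry and request a new one rather than send a stale token. The sketch below is an added example, not Nuapay code: it builds the POST /tokens request per organisation, reuses a token only while it is inside its TTL, and produces the Bearer header. Assumptions: the `post_json` transport (which must authenticate with your API Key), the JSON body shape with `scopes` as a list, `expiresIn` in seconds, and the response field name `token`.

```python
import time
from urllib.parse import quote

SANDBOX = "https://sandbox.nuapay.com"   # Sandbox URI from the page
DEFAULT_TTL = 10                          # seconds; default TTL stated on the page


class OrgTokenCache:
    """Per-organisation OAuth tokens, reused only while safely inside their TTL."""

    def __init__(self, post_json, base_url=SANDBOX, margin=2.0, clock=time.monotonic):
        # post_json(url, body) -> dict is a hypothetical transport supplied by the
        # caller; it is expected to authenticate the call with the partner API Key.
        self._post, self._base = post_json, base_url.rstrip("/")
        self._margin, self._clock = margin, clock
        self._cache = {}  # (org_id, scopes) -> (token, expiry on the local clock)

    def token(self, org_id, scopes, expires_in=None):
        if not scopes:
            raise ValueError("at least one scope must be included")
        key = (org_id, tuple(sorted(scopes)))
        hit = self._cache.get(key)
        if hit and self._clock() < hit[1] - self._margin:
            return hit[0]                    # still valid, with a safety margin
        body = {"scopes": sorted(scopes)}    # assumed body shape: list of scopes
        if expires_in is not None:           # omit it to get the default TTL
            body["expiresIn"] = expires_in   # assumed to be in seconds
        url = f"{self._base}/organisations/{quote(org_id, safe='')}/tokens"
        requested_at = self._clock()         # count the TTL from before the round trip
        reply = self._post(url, body)
        token = reply["token"]               # assumed response field name
        ttl = expires_in if expires_in is not None else DEFAULT_TTL
        self._cache[key] = (token, requested_at + ttl)
        return token

    def auth_header(self, org_id, scopes, expires_in=None):
        # Header format given on the page: Authorization: Bearer <OAuth Token>
        return {"Authorization": f"Bearer {self.token(org_id, scopes, expires_in)}"}
```

Request only the scopes a call needs and keep `expires_in` short: a long-lived token remains usable for its whole lifetime if it leaks.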