Partner integrations require you to retrieve an OAuth access token for a specific merchant and use that unique token in all subsequent API calls.

OAuth Token Generation

In order to initiate API requests on behalf of your merchants, you will first need to retrieve OAuth tokens. The process is illustrated below:

  • The Nuapay Customer Support team will issue an API Key to you upon request.
  • The OAuth token retrieved from the /tokens endpoint allows you to then generate API requests on behalf of a specific merchant/organisation.
  • When generating an API request, provide the retrieved token as the authentication username in all your API requests.
  • A password is not required, however the request must be made from an allowed-IP-address.
API authentication header format: Authorization: Bearer <OAuth Token>

API Details - GET /organisations

Use the GET /organisations endpoint to retrive the organisations linked to your partner entity:

Scopes and Time To Live (TTL)

Before generating an OAuth token for a specific organisation you will need to specify the scopes required and the token’s TTL.

  • At least one scope must be included in your request.
  • The TTL by default is 10 seconds but long-lived tokens may also be created by configuring the expiresIn value in the request body.

API Details - POST /tokens

The POST /organisations/{encodedOrganisationId}/tokens endpoint takes an encoded organisation ID (returned from the GET /organisations endpoint) and returns an OAuth token.

  • As outlined above, specify the scopes (required) and Time To Live - expiresIn (optional) in the request.
  • Specify admin as the required scope when working with Direct Debits and Credit Transfers.