Tarabut Portal

Payments authentication

Start by generating a payment token to make payment API requests. Make a HTTP POST request to the relevant endpoint + /api/oauth/token/. Use a payments access token

Request

curl --location --request POST 'https://sandbox.payments.tarabutgateway.io/api/oauth/token' 
--header 'Content-Type: application/x-www-form-urlencoded' 
--data-urlencode 'grant_type=client_credentials' 
--data-urlencode 'client_id=<payment_key>'
--data-urlencode 'client_secret=<payment_secret>’

Response

{
    "access_token": "eyJraWQiOiJwYXl2eW5lLWRldi1raWQiLCJhbGciOiJSUzI1NiJ9.ewogICJzdWIiOiAiYm5iNzhUbjc2ekhBUHNNTFdCNjJNUSIsCiAgInVzZXJfbmFtZSI6ICJ6b2xpK21lcmNAZXRoaWNhLmh1IiwKICAiaXNzIjogImh0dHBzOi8vZGV2LmFwcC5wYXl2eW5lLmNvbSIsCiAgIm1lcmNoYW50IjogIjkwM2VmM2FhMjZjYzY2MGEiLAogICJjbGllbnRfaWQiOiAiYm5iNzhUbjc2ekhBUHNNTFdCNjJNUSIsCiAgImF1dGhvcml0aWVzIjogWwogICAgIlJPTEVfUEFZIgogIF0sCiAgImF1ZCI6ICJibmI3OFRuNzZ6SEFQc01MV0I2Mk1RIiwKICAibmJmIjogMTY5NzcxNjQwNiwKICAidXNlcl9pZCI6ICIxMWVlNTg3NS1hNDZlLTRiNzEtODBlZS0wNjFlLKSJDidiDzYzMiLAogICJtZmFfcmVxdWlyZWQiOiBmYWxzZSwKICAiZXhwIjogMTY5NzcyMDAwNiwKICAiaWF0IjogMTY5NzcxNjQwNiwKICAianRpIjogImV1YU82YllLZGhmSEsxejQtNGZjRHdLbXdwYyIKfQ.eVKgcZE9uc-j6bSLWUlYXtUW-AU68eLFDSg9wjtXMWYIcTxtsXFqVcBrGwaPzYzPzlcA1oLCbUElbhYDub32M7tmKpbttZ8UP6DMOqAEp70Sy2R0R9ECIXxu_8yO7-i5HenqwHR0f56gx-qgJifhxKzg0azD_VkwIQtj6BhVWut_-NMv2TmzsowcTYMRDE2NkReVpViPdSht5jl-lxpCmlCO5IK-xOR2L3sj1RQZNRwpV0bYHMJplwaBoudUvCEwpd0KR4Dl352an8YTHSqD-rm66od6geg4H_8w2MQ3bG0-c598_xVm2L__jGvMsbq1BG8kEcmCw0Zwdxz5q0V2gA",
    "scope": "pay",
    "expires_in": 3599
}
ParameterDescription
access_tokenThe authorised token used when interacting with the Payments API
merchant16 digit alphanumeric unique merchant identifier.

📘

Helpful to know

Payment tokens expire after 60 minutes and can be used for multiple calls during this period. In order to prevent unnecessary processing you should store the payment token generated and use it for all calls during the 60 minute period. After it expires you should request a new token.