Authentication
To communicate with the Checkout API an Authorization header must be appended to each request. Follow the guide below to retrieve a token and create such authorization headers
Overview​
1. Generate an API secret​
Go to Walley Merchant Hub click on your name in the top right menu, and select "Manage access" in the menu.
- Click on the "Create +" button and then select "Api key".
- Fill out the form and click on "Create".
- Copy the client id and secret and save this to a password manager.
The secret is only visible once and can't be recovered. If lost a new secret must be created instead.
2. Request an access token​
In order to communicate with our APIs, you will need to request an access token that you will use in all subsequent requests to our API.
To get the access token your application needs to perform a request against our authentication endpoint: https://api.uat.walleydev.com/oauth2/v2.0/token.
See endpoints for testing and production.
Read more about access tokens
The token provided in this response will expire and to get a new token you can simply execute the same request again.
- Example Request
- Example Response
POST /oauth2/v2.0/token HTTP/1.1
Host: api.uat.walleydev.com
Content-Type: application/x-www-form-urlencoded
client_id=4edbc2f0-a1b2-4ec1-a238-cfdfa2b54cee&client_secret=7a4ksd0326~2t145676&grant_type=client_credentials&scope=1c5acc63-5f8c-4ee5-8eba-cb433ee2bc78/.default
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE..."
}
Request Properties​
| Property | Description |
|---|---|
client_id | The client identifier of your application |
client_secret | The secret key you acquired that is connected to your clientId |
grant_type | The grant_type should be set to client_credentials |
scope | This is a constant value that is unique for every environment: UAT (testing) and PROD. UAT = 705798e0-8cef-427c-ae00-6023deba29af/.default PROD = a3f3019f-2be9-41cc-a254-7bb347238e89/.default |
3. Provide the access token with all requests​
In all following calls, provide the request with an Authorization header with the value Bearer {{access_token}}.
// Example request with an Authorization header set
GET /manage/orders/0f05ebc2-89ec-4l13-830a-ac4e0141f652 HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Content-Type: application/json
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...