Authentication
To protect your data and users, Walley uses Microsoft Azure ADB2C as an authentication service provider. To gain access to the API you must identify your application against this service to obtain a token that you use to identify your application against our APIs.
Microsoft Azure ADB2C follows the standard OAuth2 and for integrating with Walley api you use the Client Credentials flow. Read more about it
Overview​
1. Generate an API secret​
Go to Walley Merchant Hub click on your name in the top right menu, and select "Manage access" in the menu.
- Click on the "Create +" button and then select "Api key".
- Fill out the form and click on "Create".
- Copy the client id and secret and save this to a password manager.
The secret is only visible once and can't be recovered. If lost a new secret must be created instead.
2. Request an access token​
In order to communicate with our APIs, you will need to request an access token that you will use in all subsequent requests to our API.
To get the access token your application needs to perform a request against our authentication endpoint: https://api.uat.walleydev.com/oauth2/v2.0/token.
See endpoints for testing and production.
Read more about access tokens
The token provided in this response will expire and to get a new token you can simply execute the same request again.
- Example Request
- Example Response
POST /oauth2/v2.0/token HTTP/1.1
Host: api.uat.walleydev.com
Content-Type: application/x-www-form-urlencoded
client_id=4edbc2f0-a1b2-4ec1-a238-cfdfa2b54cee&client_secret=7a4ksd0326~2t145676&grant_type=client_credentials&scope=1c5acc63-5f8c-4ee5-8eba-cb433ee2bc78/.default
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE..."
}
Request Properties​
| Property | Description |
|---|---|
client_id | The client identifier of your application |
client_secret | The secret key you acquired that is connected to your clientId |
grant_type | The grant_type should be set to client_credentials |
scope | This is a constant value that is unique for every environment: UAT (testing) and PROD. UAT = 705798e0-8cef-427c-ae00-6023deba29af/.default PROD = a3f3019f-2be9-41cc-a254-7bb347238e89/.default |
3. Provide the access token with all requests​
In all following calls, provide the request with an Authorization header with the value Bearer {{access_token}}.
// Example request with an Authorization header set
GET /manage/orders/0f05ebc2-89ec-4l13-830a-ac4e0141f652 HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Content-Type: application/json
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...