To protect your data and users, Walley uses Microsoft Azure ADB2C as an authentication service provider. To gain access to the API you must identify your application against this service to obtain a token that you use to identify your application against our APIs.
Microsoft Azure ADB2C follows the standard OAuth2 and for integrating with Walley api you use the Client Credentials flow. Read more about it
1. Generate an API secret
Go to Walley Merchant Hub click on your name in the top right menu, and select "Manage access" in the menu.
- Click on the "Create +" button and then select "Api key".
- Fill out the form and click on "Create".
- Copy the client id and secret and save this to a password manager.
The secret is only visible once and can't be recovered. If lost a new secret must be created instead.
2. Request an access token
In order to communicate with our APIs, you will need to request an access token that you will use in all subsequent requests to our API.
To get the access token your application needs to perform a request against our authentication endpoint:
The token provided in this response will expire and to get a new token you can simply execute the same request again.
- Example Request
- Example Response
POST /oauth2/v2.0/token HTTP/1.1
|The client identifier of your application|
|The secret key you acquired that is connected to your clientId|
|The grant_type should be set to client_credentials|
|This is a constant value that is unique for every environment: UAT (testing) and PROD. |
3. Provide the access token with all requests
In all following calls, provide the request with an
Authorization header with the value
// Example request with an Authorization header set
GET /manage/orders/0f05ebc2-89ec-4l13-830a-ac4e0141f652 HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...