Authentication (Payment API)

To use the Payment API, you need a bearer access token. Your bearer access token authenticates your request to the API. The API will check that you are authorized to make requests.

Getting a bearer access token

Use Vonage Contact Center’s (VCC) Authentication API to get your bearer access token. For information about using the API to get a bearer access token, see Getting your bearer access token.

When requesting your bearer access token, use globalpci as the value for scope.

Token expiration

Your bearer access token is only valid for use for one hour after being issued. After this time, the token expires and you must request a new token.

Using a bearer access token

Once you have your bearer access token, you must use it to authenticate every request you make to the Payment API. For information about using the bearer access token, see Using your bearer access token.

Required fields

  • Headers: All API requests must have the "Authorization: Bearer {access_token}" header, with an access token obtained using the OAuth protocol from VCC’s identity server.
  • Required scope: globalpci

Supported OAuth flows

VCC allows different methods of authentication (OAuth flows). The type of authentication flow depends on the type of client application you are integrating with the Payment API:

  • Client application executing on a server (for example, an agent’s backend system or order management system):

    • Authorization Code Grant (preferred when the client can support it)
    • Client Credentials
    • Password Credentials
  • Client application executing on a browser:

    • Implicit Grant

Authorization example (Client Credentials flow)

The URL for obtaining an authorization token depends on the region of your VCC account. The following example uses the URL for the North American (nam) region.

Sample HTTP request to obtain an access token:

curl -X POST \
-d "grant_type=client_credentials&scope=globalpci&client_id={client id}&client_secret={client secret}" \
https://nam.newvoicemedia.com/auth/connect/token

Request Parameters:

  • client_id A unique client ID. Vonage provides this ID.
  • client_secret The secret specific to the client_id. Vonage provides this secret securely.
  • grant_type Use client_credentials.
  • scope Must be globalpci.

Alternatively, you can pass the client ID and client secret as a request header. You must supply them as Base64-encoded {client_id}:{client_secret}. The request header would be: authorization: Basic {base64-encoded-client-id-and-secret}

Response:

{"access_token":"eyJ0eXAi....ZiWjw","expires_in":3600,"token_type":"Bearer"}

Response Fields:

  • access_token The access token. You can reuse the token multiple times until it expires.
  • expires_in The token expiry time.
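
The following is an added example, not Vonage's own code: a small Python client for the Client Credentials flow above that sends the credentials in the Basic header instead of the form body, reuses the token until shortly before it expires, and builds the header required on every Payment API request. The names TokenCache, http_post and margin are assumptions made for illustration, and expires_in is treated as a lifetime in seconds, as OAuth 2.0 (RFC 6749) defines it.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://nam.newvoicemedia.com/auth/connect/token"  # nam region, from the page


def basic_header(client_id, client_secret):
    """Base64-encode {client_id}:{client_secret} for the authorization header."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_post(url, headers, body):
    """Default transport (hypothetical helper): POST a form body, return parsed JSON."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuses one bearer token until `margin` seconds before it expires."""

    def __init__(self, client_id, client_secret, post=http_post,
                 clock=time.monotonic, margin=60):
        self._auth = basic_header(client_id, client_secret)
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            # The secret travels only in the header, never in the form body.
            body = urllib.parse.urlencode(
                {"grant_type": "client_credentials", "scope": "globalpci"})
            headers = {"Authorization": self._auth,
                       "Content-Type": "application/x-www-form-urlencoded"}
            reply = self._post(TOKEN_URL, headers, body)
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("token endpoint did not return a bearer token")
            self._token = reply["access_token"]
            # Assumption: expires_in is seconds (RFC 6749); refresh slightly early.
            lifetime = max(int(reply["expires_in"]) - self._margin, 0)
            self._expires_at = self._clock() + lifetime
        return self._token

    def auth_header(self):
        """Header required on every Payment API request."""
        return {"Authorization": f"Bearer {self.token()}"}
```

Load the client ID and secret from a secret store or environment variable and keep both the secret and the issued token out of logs and error messages.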