Authentication and Headers

The PayTrace JSON API requires authentication and authorization in order to make request. OAuth 2.0 provides a "password" grant type which can be used to exchange a username and password for an access token directly. The client identifier and client secret are not currently used for accessing this API, but may be used in future versions of the JSON API. You will see that with a good OAuth 2.0 library to help you, integrating and authenticating with our API is easy and secure.

Every request that is part of the API requires authentication via the access token described in the previous paragraph (except for /v1/ping).

POST: /oauth/token

REQUEST:

POST /oauth/token HTTP/1.1
Host: api.paytrace.com
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

grant_type=password&username=demo123&password=demo123

Field types: R – Required, O – Optional, C - Conditional

RESPONSE:

{
"access_token":"4656d6f6132333:4656d6f6132333:2b607b9a44720c9c3ca867653c7e6ef8b3f3802709c17f2a54402820d155f214",
"token_type": "bearer",
"expires_in": 7200
}

HOW TO USE TOKEN AND TOKEN TYPE:

You can now submit the token_type and access_token as values in the Authorization Header of your JSON API request.

Below is an example of a Keyed Sale JSON API request.

POST /v1/transactions/sale/keyed HTTP/1.1
Host: api.paytrace.com
Authorization: Bearer 4656d6f6132333:4656d6f6132333:2b607b9a44720c9c3ca867653c7e6ef8b3f3802709c17f2a54402820d155f214
Content-Type: application/json
Cache-Control: no-cache

{
  "amount": "1.00",
  "credit_card": {
    "number": "4111111111111111",
    "expiration_month": "12",
    "expiration_year": "2020"
  },
  "csc": "999",
  "billing_address": {
    "name": "Steve Smith",
    "street_address": "8320 E. West St.",
    "city": "Spokane",
    "state": "WA",
    "zip": "85284"
  }
}