Identify buyer

Prior to invoking the AddInvoice function to initiate a purchase, the buyer must be authenticated using the endpoints detailed in this document.

Identification by phone number involves the following steps. This method is only valid if no registration number exists:

  1. Dispatch an OTP challenge to the buyer via SMS using the Identify buyer endpoint.
  2. Validate the OTP with the Verify endpoint using the OTP from the challenge. This returns a list of organizations for which the buyer has purchasing rights.
  3. Utilize the token returned in step 1 when invoking AddInvoice. Refer to AdditionalInformation in Add Invoice.

Initiate buyer identification

This endpoint is used to initiate a new identification. The identification flow differs slightly depending on the means of identification, either SMS or registration number. A token is returned, which is subsequently used to verify any OTP and to authorize the AddInvoice request.

Registration number (CivRegNo)

When the end customer is identified by registration number, the request is validated immediately. The returned token can be used to fetch organizations and to make purchases as soon as it is returned.

POST /b2b/{{countryCode}}/identify HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...

{
"Type": "RegistrationNumber",
"Value": "198010011016"
}

Phone

The request below causes a text message containing a password to be sent to the supplied phone number.

POST /b2b/{{countryCode}}/identify HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...

{
"Type": "Phone",
"Value": "+46731234567"
}

Verify OTP

This endpoint is used to verify the OTP with the password entered by the buyer. After the OTP has been successfully verified, the organizations for which the buyer has purchasing rights are displayed. It's important to store the returned token, as it is required to authorize the AddInvoice request.

Note that if identification has been done with a registration number, no password has to be supplied.

Registration number (CivRegNo)

POST /b2b/{{countryCode}}/identify/{{token}}/verify HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...

{}

Phone

POST /b2b/{{countryCode}}/identify/{{token}}/verify HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...

{
"Otp": "519943"
}

| Http status code | Description |
| --- | --- |
| 200 | Identity verified |
| 202 | OTP challenge sent through SMS |
| 400 | Error, refer to returned problem details |
| 401 | Unauthorized, token verification needed. See: Authentication for more information |
| 403 | Permissions needed |
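
An added example (not Walley's code): a small client-side wrapper for the flow above that hands out the token for AddInvoice only after the API has answered 200 (Identity verified), either on identify or on verify. The `send` transport, the `Token` and `Organizations` response field names, the reading that a registration-number identify answers 200, and the `fake_send` stub with its sample values are assumptions for illustration; the page does not show response bodies.

```python
import re

COUNTRIES = {"SE", "NO", "FI"}            # countryCode values listed on this page
E164 = re.compile(r"^\+[1-9]\d{6,14}$")   # phone Value must include the country code

class IdentifyError(Exception):
    pass

class BuyerIdentification:
    """One identification. send(method, path, body) -> (status, dict) does the HTTP."""

    def __init__(self, send, country):
        if country not in COUNTRIES:
            raise IdentifyError("unsupported countryCode")
        self.send, self.base = send, f"/b2b/{country}/identify"
        self.token, self.verified, self.organizations = None, False, []

    def start(self, id_type, value):
        if id_type == "Phone" and not E164.match(value):
            raise IdentifyError("phone number must include the country code")
        status, body = self.send("POST", self.base, {"Type": id_type, "Value": value})
        if status not in (200, 202):
            raise IdentifyError(f"identify failed: HTTP {status}")
        self.token = body["Token"]        # ASSUMED response field name
        self.verified = status == 200     # 200 = identity verified, 202 = OTP sent
        return status

    def verify(self, otp=None):
        if self.token is None:
            raise IdentifyError("call start() first")
        payload = {} if otp is None else {"Otp": otp}
        status, body = self.send("POST", f"{self.base}/{self.token}/verify", payload)
        self.verified = status == 200     # "Organizations" below is an ASSUMED field
        self.organizations = body.get("Organizations", []) if self.verified else []
        return self.verified

    def token_for_add_invoice(self):
        if not self.verified:
            raise IdentifyError("buyer not verified; AddInvoice must not be called")
        return self.token

def fake_send(method, path, body):
    """Constructed stand-in for the API so the example runs offline."""
    if not path.endswith("/verify"):
        phone = body["Type"] == "Phone"
        return (202 if phone else 200), {"Token": "tok-phone" if phone else "tok-reg"}
    expected = {"Otp": "519943"} if "tok-phone" in path else {}
    return (200, {"Organizations": ["Constructed AB"]}) if body == expected else (400, {})
```

In a real integration, `send` would be the HTTPS call carrying the Authorization header; because the token travels in the request path, keep it out of access logs and error messages.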

Data Model

Request

Request headers

| Header | Required | Explanation |
| --- | --- | --- |
| Authorization | Yes | Instructions on how to generate the Bearer token value can be found here |

Request path parameters

| Parameter | Required | Explanation |
| --- | --- | --- |
| countryCode | Yes | The country where the purchase is made. (SE, NO or FI) |
| token | Yes | A unique token for the identification. Used to verify an OTP. |

Request body

Initiate buyer identification

| Property | Required | Explanation | Type | Notes |
| --- | --- | --- | --- | --- |
| type | Yes | The type of OTP method | enum | 1 = Phone, where OTP challenge is delivered by SMS; 2 = RegistrationNumber |
| Value | Yes | Phone number or Registration Number | string | Include countryCode |

Verify OTP

| Property | Required | Explanation | Type | Notes |
| --- | --- | --- | --- | --- |
| Otp | Yes | The challenge password entered by the buyer | number | Received by SMS from Walley. Only required if identifying by phone |