Skip to main content

Authentication

To communicate with the Checkout API an Authorization header must be appended to each request. Follow the guide below to retrieve a token and create such authorization headers

Overview​

1. Generate an API secret​

Go to Walley Merchant Hub click on your name in the top right menu, and select "Manage access" in the menu.

  • Click on the "Create +" button and then select "Api key".
  • Fill out the form and click on "Create".
  • Copy the client id and secret and save this to a password manager.
Important

The secret is only visible once and can't be recovered. If lost a new secret must be created instead.

2. Request an access token​

In order to communicate with our APIs, you will need to request an access token that you will use in all subsequent requests to our API.

To get the access token your application needs to perform a request against our authentication endpoint: https://api.uat.walleydev.com/oauth2/v2.0/token.

See endpoints for testing and production.
Read more about access tokens

Please Note

The token provided in this response will expire and to get a new token you can simply execute the same request again.

POST /oauth2/v2.0/token HTTP/1.1
Host: api.uat.walleydev.com
Content-Type: application/x-www-form-urlencoded

client_id=4edbc2f0-a1b2-4ec1-a238-cfdfa2b54cee&client_secret=7a4ksd0326~2t145676&grant_type=client_credentials&scope=1c5acc63-5f8c-4ee5-8eba-cb433ee2bc78/.default

Request Properties​

PropertyDescription
client_idThe client identifier of your application
client_secretThe secret key you acquired that is connected to your clientId
grant_typeThe grant_type should be set to client_credentials
scopeThis is a constant value that is unique for every environment: UAT (testing) and PROD.
UAT = 705798e0-8cef-427c-ae00-6023deba29af/.default
PROD = a3f3019f-2be9-41cc-a254-7bb347238e89/.default

3. Provide the access token with all requests​

In all following calls, provide the request with an Authorization header with the value Bearer {{access_token}}.

// Example request with an Authorization header set

GET /manage/orders/0f05ebc2-89ec-4l13-830a-ac4e0141f652 HTTP/1.1
Host: api.uat.walleydev.com // (Please note! Different hostname in production)
Content-Type: application/json
Authorization: Bearer bXlVc2VybmFtZTpmN2E1ODA4MGQzZTk0M2VmNWYyMTZlMDE...