API Platform authentication

The API platform replaces the need to call individual merchant URL’s by using a Client-Id header to differentiate between merchants instead. It uses a Bearer token for authentication, which replaces the need for authenticating through a separate API key and secret for each client.

Below you will find instructions for generating a bearer token and other details for QA and PROD environments.

General info

Existing endpoints remain unchanged, however, we released 2 additional endpoints that can only be accessed by API platform users:

GET /external/integrations - Lists all clients that the integration has access to.
GET /external/message-log - Lists all of the failed webhooks.

Things to note

  1. Once a Partner is created in Revel’s API platform, we send an automated email that allows you to recover your API credentials(Client ID and Client secret) required for generating a bearer token:


📘

This is a link that can be used only once and it will not be valid in 72 hours. If you need another link generated, contact our support team.

  1. The Client ID and Client secret are only used to generate a bearer token. The same Client ID and Client secret will be used for all merchants.
  2. The Client-Id header must be used to differentiate between different merchants. The Client-Id is the merchant's Revel URL without “.revelup.com”. Example: for https://exampleurl.revelup.com/ the Client-Id will be “exampleurl”.
  3. A Bearer token is used for authentication instead of an API Key and Secret. The same Bearer token is used for all merchants.
  4. A new token needs to be generated once every 24 hours. Generating new tokens doesn’t expire the old one(s), therefore, a new token can be generated while the old one is still being used without interruption.

QA Environment

The baseURL to be used is https://api.qa.revelup.io/. The same baseURL is used for all merchants.

Generating a bearer token for QA environment

To generate a Bearer token make a POST call to https://authentication.qa.revelup.com/oauth/token with the following body:

{
   "grant_type": "client_credentials",
   "client_id": "",
   "client_secret": "",
   "audience": "https://api.revelsystems.com"
}

Use the client_id and client_secret that were fetched in the steps above.

PROD environment

The baseURL to be used is https://api.revelsystems.com/. The same baseURL is used for all merchants.

Generating a bearer token for PROD environment

To generate a Bearer token make a POST call to https://authentication.revelup.com/oauth/token with the following body:

{
   "grant_type": "client_credentials",
   "client_id": "",
   "client_secret": "",
   "audience": "https://api.revelsystems.com"
}

Use the client_id and client_secret that were fetched in the steps above.