API Platform authentication

The API platform replaces the need to call individual merchant URL’s by using a Client-Id header to differentiate between merchants instead. It uses a Bearer token for authentication, which replaces the need for authenticating through a separate API key and secret for each client.

Below you will find instructions for generating a bearer token and other details for QA and PROD environments.

General info

Existing endpoints remain unchanged, however, we released 2 additional endpoints that can only be accessed by API platform users:

GET /external/integrations - Lists all clients that the integration has access to.
GET /external/message-log - Lists all of the failed webhooks.

Things to note

  1. Once a Partner is created in Revel’s API platform, we send an automated email that allows you to recover your API credentials(Client ID and Client secret) required for generating a bearer token:

NOTE: This is a link that can be used only once and it will not be valid in 6 hours !!! If you need another link generated, contact our support team.

  1. The Client ID and Client secret are only used to generate a bearer token. The same Client ID and Client secret will be used for all merchants.
  2. The Client-Id header must be used to differentiate between different merchants. The Client-Id is the merchant's Revel URL without “.revelup.com”. Example: for https://exampleurl.revelup.com/ the Client-Id will be “exampleurl”.
  3. A Bearer token is used for authentication instead of an API Key and Secret. The same Bearer token is used for all merchants.
  4. A new token needs to be generated once every 24 hours. Generating new tokens doesn’t expire the old one(s), therefore, a new token can be generated while the old one is still being used without interruption.

QA Environment

The baseURL to be used is https://api.qa.revelup.io/. The same baseURL is used for all merchants.

Generating a bearer token for QA environment

To generate a Bearer make a POST call to https://authentication.qa.revelup.com/oauth/token with the following body:

{
   "grant_type": "client_credentials",
   "client_id": "",
   "client_secret": "",
   "audience": "https://api.revelsystems.com"
}

Use the client_id and client_secret that were fetched in the steps above.

PROD environment

The baseURL to be used is https://api.revelsystems.com/. The same baseURL is used for all merchants.

Generating a bearer token for PROD environment

To generate a Bearer make a POST call to https://authentication.revelup.com/oauth/token with the following body:

{
   "grant_type": "client_credentials",
   "client_id": "",
   "client_secret": "",
   "audience": "https://api.revelsystems.com"
}

Use the client_id and client_secret that were fetched in the steps above.