Receiving Credentials

Once credentials have been set up for a user, either by their administrator or by the user themselves, a Partner integration will receive the configured credentials when the user originates a transaction, and when the user initiates a new transaction request


I. Receiving credentials during transaction origination:


When a Partner integration invokes the GET /partner/v2/origins/:id REST API endpoint to service its user-interface's origination request, the response body will contain the configured credentials for the user (if any) under the $.credentials attribute:

{
 ...
 "credentials": {
   "credential-property-id": "credential-property-value",
   "credential-property-id": "credential-property-value",
   ...
 }
}

The Partner integration can use this information to authenticate the user during transaction origination without any input from the user, providing a seamless sign-in experience.

Once the user is authenticated, the authentication context can be established for all subsequent requests from the application's user-interface on the user's behalf.


II. Receiving credentials in a transaction request:


Just like during transaction origination, Partner integrations also receive the credentials applicable to the initiating user in a new transaction request. Upon invoking the REST API's GET /partner/v2/transactions/:id endpoint, the configured credentials will be received in the $.request.credentials response body attribute:

{
 ...
 "request": {
   ...
   "credentials": {
     "credential-property-id": "credential-property-value",
     "credential-property-id": "credential-property-value",
     ...
   }
 }
}

πŸ“˜

Authenticate origins and requests!

As a best-practice, it is a good idea to authenticate users independently each time during transaction origination and request fulfillment. This way, your integration request servicing workflow implementation can generically serve user-interface initiated orders and headless API/automation engine initiated orders that do not involve any user interaction.


What’s Next