Info You will need:

Authentication across all APIs is based on OAuth2.

Therefore the authentication process is always in two stages:

  1. Call the authorization server.
    Assuming secure machine-to-machine services, call it with the client ID and client secret via POST.
    Note that this may raise security issues when the services are not secure.
  2. The authorization server checks the credentials and returns an access token. Developers can use the access token for subsequent API calls until it expires.

Authentication using API credentials

Sample request

As mentioned above, we need an access token to access all other endpoints.

Below is a sample request in curl.


curl --location --request POST 'https://login.etrusted.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={client_id}' \
--data-urlencode 'client_secret={client_secret}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.etrusted.com'

  • The form parameter grant_type=client_credentials specifies that you will be authenticating using your client_id and client_secret.
  • {client_id}: replace this with your client ID.
  • {client_secret}: replace this with your client secret.

Sample response

The response of the authorization call contains an access token.

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJTVHpnYzZfTEM3ZHVnZkNoZVpoUzQyd0dNWVAyM0lBTUdkWGUtWTJrb3ZjIn0.....IA7Lwkw3Xn94cRCKbhETxPOZmSyHtNdLqjbriEsERDQOzTkMAibaAUCkL1emEytHplhaGv_T97JHU_hxSjTM_WexLvJcD_rDbjkcOJgqv4-48r2KqxpO_qzcNms1pnsVsj0ZGhlkVKiyD6VeeOfv04nTiZcXOwLgPa_BKrKwooem6UBC8Pkc9Rl41I0zZHCevOr_ihm7Z1gEE32_tkd4CuwNXEf-EhvM6F4-KWIQX5kYYPQciZ6CdGWYcdHfplSbh5eLI-dt-XTUBKoxNsGO52Aa3kjiGJ3YaIC_UVcKhF9QfDINMSbGYclNHovmc5b22R6AWmGMZDhd-c6glmh8lQ",
    "expires_in": 3600,
    "refresh_expires_in": 0,
    "token_type": "bearer",
    "not-before-policy": 1635873642,
    "scope": "profile email"
}

When you authenticate using your API credentials, you get back an access token that expires in 3600 seconds, which is 60 minutes from the time it was last used. This means it will only expire if you don't use it continuously.
That said, you can always request a new token by re-authenticating.

Using your access token

With the access_token, you now have complete access to all endpoints within the granted access group.
Throughout the rest of the documentation, you will find information on how to use this access_token.

The access_token is valid for a limited time specified in the response of the authentication call.

To use the access_token, set the Authorization header as follows: Authorization: Bearer {{access_token}}.

Here is a sample curl request with the Authorization header set when creating a new event.

curl --location -g --request POST 'https://api.etrusted.com/events' \
--header 'Authorization: Bearer {{access_token}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "type": "checkout",
    "customer": {
        "email": "[email protected]"
    },
    "channel": {
        "id": "chl-xxx-xxx-xxx-xxx-xxx"
    },
    "transaction": {
        "reference": "ORDER-1656566663",
        "date": "2021-07-07T13:30:15.000Z"
    },
    "system": "etrusted_test",
    "systemVersion": "0.0.1"
}'
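
The token flow described above, as an added example that is not part of the eTrusted documentation: a Python client that requests a token with the client-credentials grant, reuses it until shortly before expires_in elapses, and builds the Authorization header. The environment variable names, the 60-second safety margin, and the function and class names are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.etrusted.com/oauth/token"  # from the sample request
AUDIENCE = "https://api.etrusted.com"


def fetch_token(client_id, client_secret, opener=urllib.request.urlopen):
    """POST the client-credentials grant and return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "audience": AUDIENCE,
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with opener(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse a token until `skew` seconds before expires_in, then re-authenticate."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def auth_header(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
                # Do not include the response body in the error: it may hold a token.
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            self._deadline = now + max(0, int(resp["expires_in"]) - self._skew)
        return {"Authorization": f"Bearer {self._token}"}


def cache_from_env():
    # Hypothetical variable names; secrets are read from the environment,
    # not passed on the command line or stored in source.
    cid, secret = os.environ["ETRUSTED_CLIENT_ID"], os.environ["ETRUSTED_CLIENT_SECRET"]
    return TokenCache(lambda: fetch_token(cid, secret))
```

Merge the dictionary returned by auth_header() into the headers of each API request, such as the POST to https://api.etrusted.com/events shown above.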