Setup and Authentication

On this page:

  • Setup eTrusted with credentials and test channels
  • Learn how to authenticate with eTrusted
  • Make your first API call
  • Follow our step by step guide to establish the foundation of your experience feedback

Step: Account and Channels

For every eTrusted customer, Trusted Shops creates an account and lets them know their credentials. Contact us.

When you receive your credentials, you will also receive information about your available channels and test channels.

Step: Authentication

Refer to the authentication section of our API documentation.

To use our APIs, you need to be authenticated. Authentication is done via an API call itself:

<?php
$request = new HttpRequest();
$request->setUrl('https://login.etrusted.com/auth/realms/business/protocol/openid-connect/token');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
  'cache-control' => 'no-cache',
  'Content-Type' => 'application/x-www-form-urlencoded'
));

$request->setContentType('application/x-www-form-urlencoded');
$request->setPostFields(array(
  'grant_type' => 'client_credentials',
  'client_id' => '{your_client_id}',
  'client_secret' => '{your_client_secret}',
  'audience' => 'https://api.etrusted.com'
));

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}

Warning

{your_client_id} and {your_client_secret} are your credentials. You may want to protect them. A common practice is to store them as server variables and reference them in your code.

If the POST call succeeded, you should have a response that looks like this:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFueS1raWQtbnVtYmVyIn0.eyJqdGkiOiIuLi4iLCJleHAiOjE1NTc4Mzk2NDIsIm5iZiI6MCwiaWF0IjoxNTU3NzUzMjQyLCJpc3MiOiJodHRwczovL2xvZ2luLmV0cnVzdGVkLmNvbS9hdXRoL3JlYWxtcy9idXNpbmVzcyIsImF1ZCI6Imtub3duLWF1ZCIsInN1YiI6InN1Yi11dWlkIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia25vd24tYXVkIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoic3RhdGUtdXVpZCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsibXkiLCJvcmlnaW5zIl0sInJlc291cmNlX2FjY2VzcyI6eyJyZWFsbS1tYW5hZ2VtZW50Ijp7InJvbGVzIjpbIm15Iiwicm9sZXMiXX19LCJuYW1lIjoiRmlyc3ROYW1lIExhc3ROYW1lIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibXlAZXhhbXBsZS5jb20iLCJodHRwczovL2V0cnVzdGVkLmNvbSI6eyJhY2NvdW50UmVmIjoiYWNjLVVVSUQiLCJyb2xlIjoib3duZXIiLCJwZXJtaXNzaW9ucyI6eyJyZXNvdXJjZVNldElkIjoidXJuOmV0cnVzdGVkOm15LXJvbGUxIn19LCJnaXZlbl9uYW1lIjoiRmlyc3ROYW1lIiwibG9jYWxlIjoiZW4iLCJmYW1pbHlfbmFtZSI6Ikxhc3ROYW1lIiwiZW1haWwiOiJteUBleGFtcGxlLmNvbSJ9.aUENy65fluD21xNf-yfWadkEx8zSWADZA7JxdYURE4w",
    "expires_in": 36000,
    "token_type": "Bearer",
    "refresh_token":  "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFueS1raWQtbnVtYmVyIn0.eyJqdGkiOiIuLi4iLCJleHAiOjE1NjU1MjkyNDIsIm5iZiI6MCwiaWF0IjoxNTU3NzUzMjQyLCJpc3MiOiJodHRwczovL2xvZ2luLmV0cnVzdGVkLmNvbS9hdXRoL3JlYWxtcy9idXNpbmVzcyIsImF1ZCI6Imtub3duLWF1ZCIsInN1YiI6InN1Yi11dWlkIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Imtub3duLWF1ZCIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6InN0YXRlLXV1aWQiLCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJteSIsInJvbGVzIl19fX0.XhlX-LKerNl0paTtHPfNmnMkHYbHbxbUeWR0IHYnOuc",
    "refresh_expires_in": 1800
}

In every subsequent API call, you need to include the access_token in the request header:

"Authorization" : "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFueS1raWQtbnVtYmVyIn0.eyJqdGkiOiIuLi4iLCJleHAiOjE1NTc4Mzk2NDIsIm5iZiI6MCwiaWF0IjoxNTU3NzUzMjQyLCJpc3MiOiJodHRwczovL2xvZ2luLmV0cnVzdGVkLmNvbS9hdXRoL3JlYWxtcy9idXNpbmVzcyIsImF1ZCI6Imtub3duLWF1ZCIsInN1YiI6InN1Yi11dWlkIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia25vd24tYXVkIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoic3RhdGUtdXVpZCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsibXkiLCJvcmlnaW5zIl0sInJlc291cmNlX2FjY2VzcyI6eyJyZWFsbS1tYW5hZ2VtZW50Ijp7InJvbGVzIjpbIm15Iiwicm9sZXMiXX19LCJuYW1lIjoiRmlyc3ROYW1lIExhc3ROYW1lIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibXlAZXhhbXBsZS5jb20iLCJodHRwczovL2V0cnVzdGVkLmNvbSI6eyJhY2NvdW50UmVmIjoiYWNjLVVVSUQiLCJyb2xlIjoib3duZXIiLCJwZXJtaXNzaW9ucyI6eyJyZXNvdXJjZVNldElkIjoidXJuOmV0cnVzdGVkOm15LXJvbGUxIn19LCJnaXZlbl9uYW1lIjoiRmlyc3ROYW1lIiwibG9jYWxlIjoiZW4iLCJmYW1pbHlfbmFtZSI6Ikxhc3ROYW1lIiwiZW1haWwiOiJteUBleGFtcGxlLmNvbSJ9.aUENy65fluD21xNf-yfWadkEx8zSWADZA7JxdYURE4w"
"Content-Type" : "application/json"

If you are looking for more information about OAuth2, we recommend the official site. If you are looking for more information about JWT (JSON Web Token), we recommend jwt.io.