
As mentioned above, Gini Pay API supports different authentication flows, depending on the use case. The API differentiates between anonymous and derived users. The client credentials you received when you registered your application support either the derived-user or the anonymous-user flows. Make sure to follow our security guidelines on how to secure your data.

...

There are currently 4 different authentication flows possible with our API.

...

Communication from a trusted device using a derived user

Communicate with Gini Pay API using client credentials (basic authentication) from a trusted device, e.g. your trusted backend. The derived user is created automatically if it does not already exist.

...

...

...

Communication from an untrusted device using a derived user

To communicate with Gini Pay API from untrusted devices, you need to acquire a token from Gini Pay API for the user and hand it over to the untrusted device. The user is derived (created) from the X-User-Identifier header. Its value is up to you; usually it is a stable hash of your internal user identifier.

...

Communication from both trusted and untrusted devices using a derived user

When you communicate with our API from a trusted device using client credentials (option 1), a derived user is created automatically for a given X-User-Identifier the first time it is specified. From then on, the derived user stays fixed for this client id and X-User-Identifier. You can also acquire an access token for this user so that it can be used by an untrusted device. This scenario applies when both trusted and untrusted devices communicate with our API and you do not want client credentials stored on an untrusted device.
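As an added example (not Gini's code), the following Python shows what the trusted backend sends in the derived-user flows described above and what it may hand to an untrusted device: the basic-authentication header built from client credentials, a stable X-User-Identifier derived from an internal user id, and a check that only the access token leaves the backend. The HMAC construction for X-User-Identifier, the pepper, the payload field names and the sample credentials are assumptions of this example, not from the page.

```python
# Added example (not Gini's code): headers for the trusted-device derived-user
# flow and the token-only payload forwarded to an untrusted device. The HMAC
# construction, the pepper and the payload field names are assumptions.
import base64
import hashlib
import hmac


def basic_auth_header(client_id: str, client_secret: str) -> dict:
    """Client-credentials (basic authentication) header, trusted device only."""
    raw = f"{client_id}:{client_secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


def derive_user_identifier(internal_user_id: str, pepper: bytes) -> str:
    """Stable value for the X-User-Identifier header.

    The page asks for a stable hash of your internal user id. A keyed hash
    (HMAC-SHA256, our choice) is stable for the same id and pepper, but the
    internal id cannot be recovered or guessed from the header value without
    the pepper, so the header does not leak your user ids to intermediaries.
    """
    return hmac.new(pepper, internal_user_id.encode(), hashlib.sha256).hexdigest()


def trusted_request_headers(client_id: str, client_secret: str,
                            internal_user_id: str, pepper: bytes) -> dict:
    """Headers for a call from the trusted backend on behalf of a derived user."""
    headers = basic_auth_header(client_id, client_secret)
    headers["X-User-Identifier"] = derive_user_identifier(internal_user_id, pepper)
    return headers


def untrusted_device_payload(access_token: str, expires_in: int) -> dict:
    """The only thing the backend should forward to an untrusted device."""
    return {"access_token": access_token, "token_type": "bearer",
            "expires_in": expires_in}


# Anything that would let a device act as the client itself stays on the backend.
FORBIDDEN_KEYS = {"client_id", "client_secret", "authorization"}


def payload_is_safe_for_untrusted_device(payload: dict) -> bool:
    """Defensive check before handing data to a device: no client credentials."""
    return not (FORBIDDEN_KEYS & {key.lower() for key in payload})


if __name__ == "__main__":
    pepper = b"constructed-pepper-keep-this-in-a-secret-store"  # constructed
    print(trusted_request_headers("demo-client", "demo-secret", "user-42", pepper))
    print(payload_is_safe_for_untrusted_device(untrusted_device_payload("tok", 3600)))
```

The pepper must live in the backend's secret store alongside the client credentials: if it changes, every X-User-Identifier changes and the API would create fresh derived users rather than reuse the existing ones.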

...

...

Communication from an untrusted device using an anonymous user

This is the only flow that requires communication with two APIs: the Pay API and the User Center API. The flow has 4 steps:

  1. Obtain the client token using client credentials

  2. Create a new user using the client token

  3. Log in on behalf of the user and acquire an access token

  4. Make API requests with the access token

Access tokens expire, so the last two steps need to be repeated to refresh the token and hand it over to the untrusted device.
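The four steps above, simulated end to end in one file as an added example (not Gini's code): MockGiniApis stands in for the User Center API (steps 1 to 3) and the Pay API (step 4), TrustedBackend is the only party that holds client credentials, and the untrusted device only ever presents the access token. The scenario provisions an anonymous user, lets the token expire, and repeats the last two steps. Endpoint shapes, token formats, the token lifetime and the random username/password scheme for the anonymous user are assumptions of this example.

```python
# Added example (not Gini's code): simulation of the four-step anonymous-user
# flow with both sides in one file. Token formats, lifetimes and the random
# username/password scheme are assumptions; the page only says tokens expire.
import base64
import hmac
import secrets
import time

CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"  # constructed values
ACCESS_TOKEN_TTL = 60.0  # seconds; assumed lifetime


def basic_auth_value(client_id: str, client_secret: str) -> str:
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


class MockGiniApis:
    """In-memory stand-in for both APIs; the clock is injectable for expiry tests."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}          # username -> password (a real service stores a hash)
        self.client_tokens = set()
        self.access_tokens = {}  # token -> (username, expires_at)

    def client_token(self, authorization: str) -> str:
        """Step 1: client credentials (basic auth) -> client token."""
        if not hmac.compare_digest(authorization, basic_auth_value(CLIENT_ID, CLIENT_SECRET)):
            raise PermissionError("invalid client credentials")
        token = secrets.token_urlsafe(16)
        self.client_tokens.add(token)
        return token

    def create_user(self, client_token: str, username: str, password: str) -> None:
        """Step 2: create a user; requires a client token."""
        if client_token not in self.client_tokens:
            raise PermissionError("invalid client token")
        if username in self.users:
            raise ValueError("user already exists")
        self.users[username] = password

    def login(self, client_token: str, username: str, password: str) -> str:
        """Step 3: log in on behalf of the user -> short-lived access token."""
        if client_token not in self.client_tokens:
            raise PermissionError("invalid client token")
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(stored, password):
            raise PermissionError("bad user credentials")
        token = secrets.token_urlsafe(16)
        self.access_tokens[token] = (username, self.clock() + ACCESS_TOKEN_TTL)
        return token

    def pay_api_request(self, access_token: str) -> dict:
        """Step 4: a Pay API call authenticated with the access token only."""
        record = self.access_tokens.get(access_token)
        if record is None or record[1] <= self.clock():
            raise PermissionError("access token missing or expired")
        return {"user": record[0], "status": "ok"}


class TrustedBackend:
    """Holds the client credentials and user passwords; devices never see either."""

    def __init__(self, api: MockGiniApis):
        self.api = api
        self.client_token = api.client_token(basic_auth_value(CLIENT_ID, CLIENT_SECRET))  # step 1
        self.users = {}  # internal user id -> (username, password)

    def provision(self, internal_user_id: str) -> str:
        """Steps 2 and 3 for a new anonymous user; returns the token for the device."""
        username, password = secrets.token_hex(8), secrets.token_urlsafe(24)
        self.api.create_user(self.client_token, username, password)
        self.users[internal_user_id] = (username, password)
        return self.api.login(self.client_token, username, password)

    def refresh(self, internal_user_id: str) -> str:
        """Token expired: repeat step 3 only (no new user); the device repeats step 4."""
        username, password = self.users[internal_user_id]
        return self.api.login(self.client_token, username, password)


def run_scenario() -> dict:
    """Provision, use, let the token expire, refresh; returns what happened."""
    now = [0.0]
    api = MockGiniApis(clock=lambda: now[0])
    backend = TrustedBackend(api)
    token = backend.provision("internal-user-42")
    first = api.pay_api_request(token)   # the untrusted device, token only
    now[0] += ACCESS_TOKEN_TTL + 1       # advance the clock past expiry
    try:
        api.pay_api_request(token)
        expired_rejected = False
    except PermissionError:
        expired_rejected = True
    second = api.pay_api_request(backend.refresh("internal-user-42"))
    return {"first_ok": first["status"] == "ok", "expired_rejected": expired_rejected,
            "refresh_ok": second["status"] == "ok", "users_created": len(api.users),
            "same_user": first["user"] == second["user"]}


if __name__ == "__main__":
    print(run_scenario())
```

The refresh path is the point of the simulation: after expiry the backend re-runs only the login step against the user it already created, so the user count stays at one and the new token maps to the same user, while the device at no point held anything but a bearer token.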

...