Retrieving and using a JWT token

To send requests to the Payment Gateway’s API, you need a JSON Web Token (JWT). This token must be carried in the header of each request, with the prefix Bearer.

The JWT access token is generated through the endpoint POST - /auth/token and is returned in the access_token property of the response body.

note

Check the API specification for that here:

How to

| Information | Description | Data |
| Host | Provided by boltPay | |
| Method | POST | |
| Endpoint | /auth/token | |
| Body | x-www-form-urlencoded | client_id: Provided by boltPay; client_secret: Provided by boltPay; grant_type: client_credentials; scope: openid accountId username roles permissions status entityUser |

Request example using curl:

# Request an access token with the client_credentials grant.
# --data-urlencode percent-encodes each value, so values are supplied unencoded.
curl --location --request POST '{pgw-url}/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=client3x3mPl3' \
--data-urlencode 'client_secret=s3cr3Tp@ass' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=openid accountId username roles permissions status entityUser'

Response example:

{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.EVURSJdLCJzdGF0dXMiOiJhY3RpdmUiLCJqdGkiOiJXS21MX3N1bjFqakx5cVc2X2RaUV8iLCJpYXQiOjE2OTQ1MTE2NzYsImV4cCI6MTY5NDUxMjI3Niwic2NvcGUiOiJvcGVuaWQgYWNjb3VudElkIHVzZXJuYW1lIHJvbGVzIHBlcm1pc3Npb25zIHN0YXR1cyBlbnRpdHlVc2VyIiwiaXNzIjoiaHR0cDovLzAuMC4wLjA6OTA5MCIsImF1ZCI6IjVjN2ZiZDYyZjg5MDVhMDAxODk3OTk4ZCJ9.VucwAUv8gruDVfP4DGtbcySU4y8CZ31THv9mFZXDcPc09ct8Aq3qSCiyoCoGNSHeYH27LAnxTzvs38G6RMY4jkO32EjMRYcALlcbX9lAJ89KcFplNj6Q0f-6Xo-rfS6uvVHawyKOCypc1EErWQd9cKqiL35sV-VoCkh0KQgKX9hVlIKh2DpHFivKp4nw7vRZiCsMy1fmmtQTPvXg104SBv7BiU4HAhDkVUgfuyPFBgqvkFbfutz_iqmrWBfhR0PZZVuC-1g",
"expires_in": 600,
"token_type": "Bearer",
"scope": "openid accountId username roles permissions status entityUser"
}

Each token expires after 10 minutes and cannot be recovered once it has expired, so at the end of this period you need to call the POST - /auth/token endpoint again to retrieve a new token.
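
The Python example below is added here and is not boltPay's code: it requests the token from POST /auth/token, caches it, fetches a new one shortly before the 10-minute lifetime ends, and builds the Bearer header. The Authorization header name, the HTTPS check, the 30-second margin, the class and function names and the pgw.invalid host are assumptions; demo() uses a constructed stand-in for the gateway so it runs offline.

```python
import json
import time
import urllib.parse
import urllib.request

SCOPE = "openid accountId username roles permissions status entityUser"

def post_form(url, fields):
    """POST x-www-form-urlencoded fields and return the parsed JSON body."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token and replaces it shortly before expires_in runs out."""
    def __init__(self, base_url, client_id, client_secret,
                 post=post_form, clock=time.monotonic, margin=30):
        if not base_url.startswith("https://"):  # assumption: gateway is served over TLS
            raise ValueError("refusing to send client_secret over a non-HTTPS URL")
        self._url = base_url.rstrip("/") + "/auth/token"
        self._fields = {"client_id": client_id, "client_secret": client_secret,
                        "grant_type": "client_credentials", "scope": SCOPE}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._refresh_at = None, 0.0

    def token(self):
        """Return the cached token, requesting a new one once the margin is reached."""
        if self._token is None or self._clock() >= self._refresh_at:
            reply = self._post(self._url, self._fields)
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._refresh_at = self._clock() + int(reply["expires_in"]) - self._margin
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}

def demo():  # offline run against a constructed stand-in for POST /auth/token
    now, calls = [0.0], []
    def fake_post(url, fields):
        calls.append(url)
        return {"access_token": "tok%d" % len(calls), "expires_in": 600, "token_type": "Bearer"}
    cache = TokenCache("https://pgw.invalid", "demo-id", "demo-secret", fake_post, lambda: now[0])
    def at(t):
        now[0] = t
        return cache.auth_header()["Authorization"]
    return [at(0.0), at(569.0), at(570.0)], calls  # 570 s = 600 s lifetime - 30 s margin
```

In real use, read client_id and client_secret from a secret store or the environment rather than from source code, and keep the token out of logs.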