Get an access token

You will need an account to access the SlimPay API. During the testing and integration phase, there are two types of accounts available:

  • A free evaluation account can be created online to evaluate the SlimPay solution. This account grants you access to our web API.
  • A user acceptance testing account created by SlimPay, which is configured to your specific needs so you can test real-life payment scenarios before going live.

Each account comes with an app allowing you to access the SlimPay web API. This app is identified by an app ID, an app name and an app secret (all of which can be found on the App Management tab of your Dashboard).

Because the SlimPay API is secured by OAuth 2.0 protocol, you will need to provide an access token in the HTTP Authorization header on every call you make to the API. A merchant can obtain an access token through HTTP Basic authentication using their app name and app secret.

Please note: If you choose to make use of our HAPI Client (Java or PHP), generation of an access token is already taken care of. You can skip this section and move on to the next step!

With your app name and app secret at hand, you need to:

  1. Concatenate these with a colon : as a separator (appname:appsecret)
  2. Encode the result of step 1 using base 64
  3. Send a POST request to https://api.preprod.slimpay.com/oauth/token
POST https://api.preprod.slimpay.com/oauth/token HTTP/1.1
Accept: application/json
Authorization: Basic ValueFrom2
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=api

Be sure to include all the headers (Accept, Authorization and Content-Type) as well as the URL encoded message body (which tells the server what kind of access you want).

The response from the SlimPay server should look like this:

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGkiXSwiZXhwIjoxNDg2Mzk0ODM2LCJqdGkiOiIxMzhkNjA4My01ZTEzLTQwMjItYjQyOS01ZmY0YjM5MzgyZGIiLCJjbGllbnRfaWQiOiJkZW1vY3JlZGl0b3IwMSJ9.3X1jVsL5CCSASwwAWHV599Xyo1TKKn4jpHMzSzE6TWE",
    "token_type": "bearer",
    "expires_in": 985,
    "scope": "api",
    "jti": "899a8019-328d-41bb-876a-980f1c768453"
}

The value of the access_token property grants you access to our API for approximately 16 minutes. See the authentication section for more details or move on to the next step!