Verve Gateway • API Doc

Obtain a valid access token required for authenticating and authorizing subsequent API requests through the Verve Gateway.

OAuth2 Login

This endpoint is used to obtain an access token for authenticated API requests.

OPEN

Endpoint: /gateway/oauth/login

Method: POST

curl --location '{{BASE_URL}}/gateway/oauth/login' \
--header 'Authorization: Basic base64_encoded_client_id:client_secret' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=profile'

// Node (fetch)
fetch('{{BASE_URL}}/gateway/oauth/login', {
  method: 'POST',
  headers: {
    'Authorization': 'Basic base64_encoded_client_id:client_secret',
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  body: new URLSearchParams({
    grant_type: 'client_credentials',
    scope: 'profile'
  })
})
.then(r => r.json())
.then(console.log);

# Python (requests)
import requests

headers = {
    "Authorization": "Basic base64_encoded_client_id:client_secret",
    "Content-Type": "application/x-www-form-urlencoded"
}

data = {
    "grant_type": "client_credentials",
    "scope": "profile"
}

resp = requests.post("{{BASE_URL}}/gateway/oauth/login", headers=headers, data=data)
print(resp.json())

// Java (HttpClient)
String body = "grant_type=client_credentials&scope=profile";
HttpRequest req = HttpRequest.newBuilder()
  .uri(URI.create("{{BASE_URL}}/gateway/oauth/login"))
  .header("Authorization", "Basic base64_encoded_client_id:client_secret")
  .header("Content-Type", "application/x-www-form-urlencoded")
  .POST(HttpRequest.BodyPublishers.ofString(body))
  .build();
HttpResponse res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
System.out.println(res.body());

// C# (HttpClient)
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", "Basic base64_encoded_client_id:client_secret");
var content = new FormUrlEncodedContent(new Dictionary<string, string> {
    ["grant_type"] = "client_credentials",
    ["scope"] = "profile"
});
var resp = await client.PostAsync("{{BASE_URL}}/gateway/oauth/login", content);
Console.WriteLine(await resp.Content.ReadAsStringAsync());

// Go (net/http)
data := url.Values{}
data.Set("grant_type", "client_credentials")
data.Set("scope", "profile")

req, _ := http.NewRequest("POST", "{{BASE_URL}}/gateway/oauth/login", strings.NewReader(data.Encode()))
req.Header.Set("Authorization", "Basic base64_encoded_client_id:client_secret")
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

resp, err := http.DefaultClient.Do(req)
if err != nil { log.Fatal(err) }
defer resp.Body.Close()

// PHP (cURL)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "{{BASE_URL}}/gateway/oauth/login");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
  "Authorization: Basic base64_encoded_client_id:client_secret",
  "Content-Type: application/x-www-form-urlencoded"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
  "grant_type" => "client_credentials",
  "scope" => "profile"
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
echo curl_exec($ch);
curl_close($ch);

# Ruby (Net::HTTP)
require 'net/http'
require 'uri'

uri = URI('{{BASE_URL}}/gateway/oauth/login')
req = Net::HTTP::Post.new(uri)
req['Authorization'] = 'Basic base64_encoded_client_id:client_secret'
req['Content-Type'] = 'application/x-www-form-urlencoded'
req.body = URI.encode_www_form({ grant_type: 'client_credentials', scope: 'profile' })

res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
puts res.body

// Swift (URLSession)
let url = URL(string: "{{BASE_URL}}/gateway/oauth/login")!
var req = URLRequest(url: url)
req.httpMethod = "POST"
req.setValue("Basic base64_encoded_client_id:client_secret", forHTTPHeaderField: "Authorization")
req.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
req.httpBody = "grant_type=client_credentials&scope=profile".data(using: .utf8)

URLSession.shared.dataTask(with: req) { data, _, _ in
  if let data = data { print(String(decoding: data, as: UTF8.self)) }
}.resume()

200 — Success response:

{
  "access_token": "eyJhbGciOiJSUzI1NiJ9...",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "profile",
  "merchant_code": "MX6072",
  "client_authorization_domain": "MX6072",
  "requestor_id": "12380859503",
  "api_resources": [
    "rid-GET/gateway/loyalty-engine/**",
    "rid-POST/gateway/loyalty-engine/**",
    "rid-PUT/gateway/loyalty-engine/**",
    "rid-PATCH/gateway/loyalty-engine/**",
    "rid-DELETE/gateway/loyalty-engine/**",
    "rid-GET/gateway/loyalty-transaction/**",
    "rid-POST/gateway/loyalty-transaction/**",
    "rid-PUT/gateway/loyalty-transaction/**",
    "rid-PATCH/gateway/loyalty-transaction/**",
    "rid-DELETE/gateway/loyalty-transaction/**"
  ],
  "merchant-wallet-actions": ["settle", "transact", "reverse"],
  "incognito_requestor_id": "12380859503",
  "client_name": "R7jJhrEgyL",
  "client_logo": null,
  "payable_id": "33597",
  "client_description": null,
  "jti": "8e1b6842-38d0-4279-a4b5-a388e093a7af"
}

400 — Invalid request:

{
  "error": "invalid_request",
  "error_description": "Missing grant type",
  "error_code": "invalid_request",
  "code": "invalid_request",
  "description": "Missing grant type"
}

401 — Unauthorized (Missing authentication):

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

401 — Unauthorized (Bad credentials):

{
  "code": "Unauthorized",
  "description": "Bad credentials",
  "errors": null
}