How do I add an enhanced API key security on Paytia?

How to Add Enhanced API Key Security on Paytia

Adding enhanced security to your API integration ensures a more secure and streamlined experience when connecting to the Paytia platform. Follow these instructions to generate an API key, activate tokens, and configure security settings.

Step 1: Generate an API Key

1. Navigate to Account Security > API Secret Key in the Paytia administration portal.
   
   
   
   
2. Click the Generate API Key button. An API key will be created and displayed in the API key list.
   
   

Step 2: Configure API Key Settings

1. Restrict Access by IP Address (Optional):

   • Enter the IP address of your server or application in the designated field to limit API key usage to specified IPs.
     
     

2. Select Webhook Output Format:

   • Single JSON Data: Outputs data as a single string.
   • Multiple JSON Data: Outputs each field on a separate line (specific to Worldpay Corporate Gateway).

3. Click Save to activate your settings.

Step 3: Generate Tokens

1. Locate your API key in the list and click Generate Tokens under the "Action" column.
2. You will receive the following:
   • Client ID: A unique public identifier for your app.
   • Client Secret: A secure, private value for authentication.
   • Access Token: A short-lived token for API requests (expires in one hour).
   • Refresh Token: Used to renew expired access tokens automatically.
     
     

Important Notes:

• Client ID: Must be unique across all Paytia client API connections.
• Client Secret: Should be highly random and secure.
• Access Token: Authenticate API requests. Expires in one hour.
• Refresh Token: Renew access tokens when expired.

Step 4: Enable Enhanced Security

1. Toggle the Enhance Security switch to activate this feature. The switch should be set to green.
   
   

Step 5: Authorize API Access

Use the /api/authorize endpoint to pre-authorize your API requests.
Example https://accounts.paytia.com/api/authorize 

Example POST Request:

curl --location 'https://accounts.paytia.com/api/authorize' \
--header 'X-API-KEY: your_api_key_here' \
--header 'ACCESS-TOKEN: your_access_token_here' \
--data-raw '{
  "client_id": "your_client_id_here",
  "client_secret": "your_client_secret_here"
}'

• Replace your_api_key_here, your_access_token_here, your_client_id_here, and your_client_secret_here with the appropriate values.
  
  
  
  curl --location 'https://accounts.paytia.com/api/payment_service' \
  --header 'X-API-KEY: 1fa7c6470f54e14f948d0d830a775c3efb328bef5f6a464869fca627ca979818' \
  --header 'ACCESS-TOKEN: cWMJZimvoWr9QAo5ZZZZBPX5q83rCiTx4xCy1=' \

Step 6: Refresh Tokens

When the access token expires, use the refresh token to generate a new access token. Paytia will return a new refresh token with each renewal to maintain secure credentials.

By following these steps, you ensure that your integration with Paytia is secured with advanced token-based authentication, reducing risks and enhancing operational reliability.