This chapter covers authorization in communications with the InPost Pay app, the configuration of the Merchant's account, and generating access credentials (client_id and client_secret).

Authorization


The OAuth 2.0 standard is used to authenticate customer communications with InPost Pay (Basket App). For service-to-service communications, without a logged-in user context, the OAuth client_credentials flow is used (https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/).

  • The Merchant receives their client_id and client_secret

Info
  • The Merchant generates client_id and client_secret for the production environment through the Merchant's panel according to the manual.

  • The Merchant receives client_id and client_secret for the sandbox environment from InPost upon notifying through the contact form according to the manual.

  • They collect an access token

  • They sign each request. The access token should be provided in the header Authorization: Bearer TOKEN

  • The resource server verifies the token, and identifies the customer

Info

All requests sent to the server require a correct and valid access token that belongs to the particular User.

Info

The token generated has a specified validity (as defined in expires_in, which is returned together with the token), and it is not necessary to download a new token at each request.


The token endpoint is fixed, and can be a configuration parameter on the customer's side:

  • Production Environment: https://login.inpost.pl/auth/realms/external/protocol/openid-connect/token

Token Collection:

Request

    curl --location 'https://sandbox-login.inpost.pl/auth/realms/external/protocol/openid-connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'client_id=sandbox' \
    --data-urlencode 'client_secret=qwertyuiop' \
    --data-urlencode 'grant_type=client_credentials'

Response

    {
        "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiw...",
        "expires_in": 300,
        "refresh_expires_in": 0,
        "token_type": "Bearer",
        "not-before-policy": 0,
        "scope": "api:inpostpay"
    }

Warning

Errors that may occur when generating a token:

  • Invalid client credentials - when a wrong client_id is provided

  • Invalid client secret - when a wrong client_secret is provided

  • Missing form parameter: grant_type - when grant_type: client_credentials is missing
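The note above says the token stays valid for expires_in seconds and does not have to be fetched for every request. The following is an added example, not code from InPost or from the PHP client shown on this page: an in-memory cache that reuses the token until shortly before it expires. The class name, the $fetchToken callable, the injectable clock and the 30-second margin are assumptions, and the demo values are constructed.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical names): reuse a client_credentials token until it nears expiry.
final class CachedBearerToken
{
    private ?string $token = null;
    private int $expiresAt = 0;
    /** @var callable(): array performs the token request, returns the decoded JSON response */
    private $fetchToken;
    /** @var callable(): int returns the current Unix timestamp */
    private $clock;
    private int $skewSeconds;

    public function __construct(callable $fetchToken, ?callable $clock = null, int $skewSeconds = 30)
    {
        $this->fetchToken = $fetchToken;
        $this->clock = $clock ?? 'time';
        $this->skewSeconds = $skewSeconds; // refresh early so a token never expires in flight
    }

    public function get(): string
    {
        $now = ($this->clock)();
        if ($this->token !== null && $now < $this->expiresAt - $this->skewSeconds) {
            return $this->token; // still valid: no round trip to the token endpoint
        }
        $response = ($this->fetchToken)();
        if (!is_string($response['access_token'] ?? null) || !is_int($response['expires_in'] ?? null)) {
            throw new \UnexpectedValueException('Token response lacks access_token or expires_in');
        }
        $this->token = $response['access_token']; // keep in memory only; never log it
        $this->expiresAt = $now + $response['expires_in'];
        return $this->token;
    }
}

// Constructed demo: a fake fetcher and a controllable clock stand in for the HTTP call.
$calls = 0;
$now = 1000;
$cache = new CachedBearerToken(
    function () use (&$calls): array { return ['access_token' => 'tok-' . ++$calls, 'expires_in' => 300]; },
    function () use (&$now): int { return $now; }
);
$first = $cache->get();   // first call: token is fetched
$now += 200;
$second = $cache->get();  // 200 s later: cached token is reused
$now += 80;
$third = $cache->get();   // 280 s later: inside the 30 s margin, so a new token is fetched
printf("%s %s %s (token requests: %d)\n", $first, $second, $third, $calls);
```

In a real integration the $fetchToken callable would wrap the token request shown above and return its decoded JSON body.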


Merchant's Account in Basket App

  1. At the merchant's account level, the system stores the configurations:

    1. Merchant's Name

    2. The logo of the store (image)

    3. Store's web address

    4. Email and phone number for contacting the user

    5. Link to the merchant's contact form.

Scope of the implementation work on the Merchant's side

  • Authorization – the implementation of account authentication, authorization, and configuration.

  • Frontend widget - InPost Pay widget implementation (see Widget - frontend).

  • Backend widget – exposing the endpoints described in the Widget_backend_API, intended to handle the feature according to the InPost Pay Widget sequence diagrams.

  • Integration with Basket App API – integrating with the API methods described in Basket App.

    Example implementation in PHP

    • We create the interface of the service, which will make it possible to download the bearer access token.

      <?php
      declare(strict_types=1);

      namespace Iteo\InpostPayClient\Client;

      use Iteo\InpostPayClient\SDK\Core\Exceptions\InpostPayEndpointException;

      /**
       * Interface for creating the bearer token needed to communicate with InPost Pay.
       */
      interface InpostPayBearerServiceInterface
      {
          /**
           * Creates a bearer access token for the given merchant credentials.
           *
           * @return string Bearer access token
           *
           * @throws InpostPayEndpointException
           */
          public function getBearerToken(): string;
      }

    • We create an exception, which will be returned in the case of a failed token download.

      <?php
      declare(strict_types=1);

      namespace Iteo\InpostPayClient\SDK\Core\Exceptions;

      class InpostPayEndpointException extends \Exception
      {
          // Explicitly nullable type: an implicit "Type $x = null" is deprecated in current PHP.
          final public function __construct(string $message = '', int $code = 0, ?\Throwable $previous = null)
          {
              parent::__construct($message, $code, $previous);
          }

          /**
           * Wraps the original failure, keeping it as the previous exception.
           */
          public static function createClientException(\Throwable $throwable): self
          {
              return new static(
                  sprintf('InpostPayClient, error occurred when creating http client with bearer token. Exception message: %s', $throwable->getMessage()),
                  // getCode() is not guaranteed to be an int; cast it to satisfy strict_types.
                  (int) $throwable->getCode(),
                  $throwable
              );
          }
      }

    • We create an implementation of the service, which downloads an access token using the getBearerToken method.

      <?php
      declare(strict_types=1);

      namespace Iteo\InpostPayClient\Client;

      use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
      use League\OAuth2\Client\Provider\GenericProvider;
      use Iteo\InpostPayClient\SDK\Core\Exceptions\InpostPayEndpointException;

      /**
       * PHP Bearer Service implementation for creating the bearer token needed to communicate with InPost Pay.
       */
      final class InpostPayBearerService implements InpostPayBearerServiceInterface
      {
          private string $clientId;
          private string $clientSecret;
          private string $urlAccessToken;
          private ?string $urlAuthorize;
          private ?string $urlResourceOwnerDetails;

          // Change depending on the environment
          private const URL_ACCESS_TOKEN = 'https://sandbox-login.inpost.pl/auth/realms/external/protocol/openid-connect/token';

          // The optional URLs are declared explicitly nullable to match the properties above.
          public function __construct(string $clientId, string $clientSecret, string $urlAccessToken = self::URL_ACCESS_TOKEN, ?string $urlAuthorize = null, ?string $urlResourceOwnerDetails = null)
          {
              $this->clientId = $clientId;
              $this->clientSecret = $clientSecret;
              $this->urlAccessToken = $urlAccessToken;
              $this->urlAuthorize = $urlAuthorize;
              $this->urlResourceOwnerDetails = $urlResourceOwnerDetails;
          }

          /**
           * {@inheritdoc}
           */
          public function getBearerToken(): string
          {
              $provider = new GenericProvider([
                  'clientId' => $this->clientId,
                  'clientSecret' => $this->clientSecret,
                  'urlAuthorize' => $this->urlAuthorize,
                  'urlAccessToken' => $this->urlAccessToken,
                  'urlResourceOwnerDetails' => $this->urlResourceOwnerDetails,
              ]);

              try {
                  // client_credentials grant: no user context, only the merchant's credentials
                  return $provider->getAccessToken('client_credentials')->getToken();
              } catch (IdentityProviderException $exception) {
                  throw InpostPayEndpointException::createClientException($exception);
              }
          }
      }

    The configuration of the Merchant's account - production environment

    In order to access the production environment, sign a Contract for Handling and Settling Transactions. If you haven't signed the contract yet, get in touch with your InPost sales representative or use the form included in the section "For Business" in the tab "InPost Pay Offer".

    After signing the Contract, log in to https://merchant.inpost.pl/ using your login data for the Parcel Manager (a system for handling InPost's logistical contracts).

    Attention! All the information must be completed to generate access rights (Client_ID and Client_Secret) for the production environment of the InPost Pay service.


    The configuration of the Merchant's account - sandbox environment

    In order to gain access to the Sandbox environment, complete and send the contact form available under the "Dla Biznesu" (For Business) option, in the Sandbox tab.

    For the needs of the tests, we also make our InPost Mobile test applications available:

    Before starting the tests, make sure that you have the app's latest version.


    Technical requirements on the Merchant's side

    Outgoing traffic from InPost to the Merchant originates from InPost's proxy IP addresses: 34.118.93.24, 34.116.145.216.