The OAuth 2.0 standard is used to authenticate customer communications with Basket App. For service-to-service communications, where there is no logged-in user context, the OAuth client_credentials flow is used (

  • The Merchant receives their client_id and client_secret

  • They collect an access token

  • They sign each request. The access token is sent in the header Authorization: Bearer W-TYM-MIEJSCU-NALEZY-UMIESCIC-TOKEN (a placeholder: the token goes here)

  • The resource server verifies the token, and identifies the customer


Every request sent to the server must carry a correct, valid access token that belongs to the particular User.

The token endpoint is fixed, and can be a configuration parameter on the customer's side:

Production Environment

Sandbox Environment

Token Collection:


Code Block
POST /auth/realms/external/protocol/openid-connect/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded



Code Block
{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiw...",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0,
    "scope": "api:inpostpay"
}

Errors that may occur when generating a token:

  • Invalid client credentials: returned when the wrong client_id is provided

  • Invalid client secret: returned when the wrong client_secret is provided

  • Missing form parameter: grant_type: returned when grant_type: client_credentials is missing
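
A token client for the flow above, as an added example (not InPost's code): it caches the token and requests a new one shortly before the 300-second expires_in runs out, because the sample response has refresh_expires_in set to 0 and carries no refresh token. Assumptions: client_id and client_secret are sent as form parameters, error responses use the RFC 6749 JSON shape with error_description, and base_url is a placeholder for the Production or Sandbox host.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/auth/realms/external/protocol/openid-connect/token"  # path shown on the page

class TokenError(Exception):
    """Token endpoint refused the request or returned an unusable response."""

def post_form(url, form):
    """Default transport: POST a urlencoded form, return (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

class TokenClient:
    def __init__(self, base_url, client_id, client_secret,
                 post=post_form, clock=time.monotonic, skew=30):
        if not base_url.startswith("https://"):
            raise ValueError("token endpoint must use https")  # secret travels in the body
        self._url = base_url.rstrip("/") + TOKEN_PATH
        # Assumption: credentials go in the form body (the page does not show the body).
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return a cached token, requesting a new one `skew` seconds before expiry."""
        if self._token is not None and self._clock() < self._expires_at:
            return self._token
        status, body = self._post(self._url, self._form)
        if status != 200 or str(body.get("token_type", "")).lower() != "bearer":
            # Assumed RFC 6749 error body; never include the form (it holds the secret).
            raise TokenError(body.get("error_description") or f"HTTP {status}")
        self._token = body["access_token"]
        self._expires_at = self._clock() + max(int(body["expires_in"]) - self._skew, 0)
        return self._token

    def auth_header(self):
        """Header to attach to every Basket App request."""
        return {"Authorization": "Bearer " + self.token()}
```

The `post` and `clock` parameters exist so the caching and error handling can be exercised without network access.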


Merchant's Account in Basket App

  1. At the merchant's account level, the system stores the following configuration:

    1. Merchant's Name

    2. The logo of the store (image)

    3. Store's web address

    4. Email and phone number for contacting the user

    5. Link to the merchant's contact form

    6. Option of changing the number of a given product in the shopping basket

    7. Option of removing a product from the shopping basket

    8. Option of handling rebate codes

    9. Suggested product availability

    10. Option of cancelling the order before the payment.

Scope of the implementation work on the Merchant's side

  1. Authorization – the implementation of account authentication, authorization, and configuration.

  2. Frontend widget – InPost Pay widget implementation; see Widget - frontend (file:///C:/wiki/spaces/PL/pages/131072001/Widget+-+frontend).

  3. Backend widget – exposing the endpoints described in the Widget_backend_API, intended to handle the feature according to the InPost Pay Widget sequence diagrams (file:///C:/wiki/spaces/PL/pages/130023427/InPost+Pay+Widget).

  4. Integration with Basket App API – integrating with the API methods described in Basket App (file:///C:/wiki/spaces/PL/pages/129794052).