Authorization

API Credentials

PaySimple assigns API credentials to each merchant or reseller account. Most PaySimple partners choose to be issued a single reseller key so only one shared secret needs to be securely stored. Your production API username and API key will be delivered initially via encrypted email. Please ensure the API key is stored encrypted in a secured location on your server, and never sent to a browser or via unencrypted email.

Authorization Header

PaySimple requires an Authorization Header to be included in each request. The header value will vary in format depending if you are using a merchant or reseller key.

Reseller Authorization

If you are issued a reseller API key, input the string reseller as the authentication header scheme, followed by a space and the reseller API key. You can then access reseller level API endpoints.

The format is for the value is the word "reseller", followed by a space, followed by your reseller api key. The key starts with a number and pipe character followed by a string.
reseller INSERT_YOUR_KEY

Example Reseller Authentication Header:

reseller 218|YhLB81Vofv6Zndxc6QLkdmbaKwdKPawyoKOJ6eWrBJYmDPIKNWTDtwbvkcDIbVR0pVR8RYJKOfIskjBiDtdSV4d1R2FzEv3hmCtlTjdmgpQg41vhscg5juCO0tqTE6r0

Merchant Id Header

When using a reseller key and the call is made in the security context of a merchant (most calls), add a header with key PaySimple-Merchant-Id and the PaySimple Merchant Id of the merchant for the value. The merchant id can be retrieved via the GET Merchants call in the merchant_activated_for_payment_type webhook.

Merchant Authorization

You will only be issued a merchant api key if you need to process for one merchant account. This is typically when you are billing your customer (house account).

Use your PaySimple API username as the user name and API key as the password. Please note that the header value is not base 64 encoded.

Example Merchant Authentication Header:

basic APIUser1225:YhLB81Vofv6Zndxc6QLkdmbaKwdKPawyoKOJ6eWrBJYmDPIKNWTDtwbvkcDIbVR0pVR8RYJKOfIskjBiDtdSV4d1R2FzEv3hmCtlTjdmgpQg41vhscg5juCO0tqTE6r0

Client Token Authorization (rarely used)

In order to use certain features of the PaySimple API you may need a client token. To get a client token you need to use your Reseller API key. This method should only be called server side where the Reseller key is securely stored. It should never be called directly from a client side application.

Example Implementation:

POST https://api.paysimple.com/ps/auth/reseller_client_token
{
	"client_id": {Unique id of PaySimple merchant}, 
	"api_key": {Unique Resller API key} 
}

Response:

{
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InRMbW5Hc0RrNjA0ZzkyTHVTc0RhZkI5RjBQWSJ9.eyJpc3MiOiJzZWxmIiwiYXVkIjoiaHR0cDovL3BheXNpbXBsZS5jb20iLCJuYmYiOjE1Njc1MzM2NTAsImV4cCI6MTU2NzUzNDEzMCwidW5pcXVlX25hbWUiOiI5NTA2MSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL3NwbiI6IjgwMDQyIiwiaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93cy8yMDA4LzA2L2lkZW50aXR5L2NsYWltcy91c2VyZGF0YSI6Ijk1MDYxLDgwMDQyLDM0MiwyLDExfDQxfDQyfDQ2fDQzfDQ0fDQ1fDQ5LDF8MnwzfDR8NXw2fDd8OHw5fDE2fDE3fDE4fDE5fDIyfDQ4LCwsIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvdXJpIjoiMTI3LjAuMC4xIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvc2lkIjoiIn0.mhuzjosvKoaU8O2CDAkshPNQDoJp3QUKEerJVAkGkwbrVmNlcviVX6AoBfcew9m69ppbUyfnVpug3HsGv0Ewvjldo1YJn4VOwxm45kZTwtRYRLE0F-XEO9r7pm7INFii85s7mZPEfrrONPmTgeb7k_JwO11FdP0kzJh54LyzFK5J0rcXL2wRCtCw_s3ZqhOa3_MwOI5sPBDfaDhgIfkVEBjglSXiRs8w7oU3iouJ7cziduPB0eQQuMv3sXTZmm5ta00ThbqKCAY6s9JXUTi95YMlPBvbvfe28WpPrPjU89J8WwIImch8CMwQMfK9zlsmLP1363EqpxY21PlAd6WmLQ",
        "expires": "2019-09-03T18:08:50.237716Z"
    }
}