i3 Vertical's APIs are a suite of RESTful APIs that are easily consumed, nearly frictionless, and extremely fast. Our APIs allow you to:
Our APIs are publically available, and you can use the provided demo credentials to test the documented resources. Once you've decided to move forward, contact i3 Vertical's integration team to begin the integration process. You'll be provided your own sandbox, as well as a production environment.
Use the following hosts for all requests to our APIs.
Click on an API to view its documentation.
The Customer API is used to manage customers and customer wallets.
Retrieve your payment distribution details with the Distribution API.
Store and retrieve documents attached to merchants with the Document API.
The Enrollment API allows Partners to enroll Merchants and provision their payment Accounts.
The Link API provides a link shortening and tracking service.
The Messaging API allows Partners and Merchants to communicate with customers through various communications channels.
The Payment API provides methods for processing payments and tokenizing payment methods. Access to the API can be limited based on various scenarios (tokenize-only, charge-only, etc).
The Plugin API provides UI plugin components that implement API functionality.
The Users API provides methods for accessing, and managing Burton Portal
The Session API allows Partners allows the creation of a profile that defines a future end-user interaction such as accepting a payment.
The Verify API makes verifying a contact method, such as a mobile phone number, simple.
Our APIs use the Client Credentials OAuth 2 flow. A high-level overview of this process looks like this:
client_credentials
.access_token
and some other detail explaining the granted access for the token.access_token
with HTTP Bearer authorization for subsequent calls to protected resources within the Burton Platform's API.access_token
.The Client Credentials flow requires a few basic items in the authentication call:
Client ID
and Secret
provided during the integration phase as the username
and password
values aTJOMmRaSmRzTUNxZ3ZZakpEQnVlbUNwdGp2QmpHYWI6cEVNWDVBTmk4b2l5R3NSMA
grant_type
in the body (x-www-form-urlencoded
), with a value of client_credentials
grant_type=client_credentials
Content-Type
header, as wellContent-Type: application/x-www-form-urlencoded
scope
field in the request body (x-www-form-urlencoded
). This will limit the resources or actions the Bearer token is allowed. You can get a list of valid scopes by requesting a Bearer token without a scope. See the Scopes page for a full list of available scopes.grant_type=client_credentials&scope=urn:v2:charges:all
Putting these together, a cURL command would look like this.
curl -X POST \
'https://$Host/services/oauth2/token' \
-H 'Authorization: Basic HashedCredentials' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'grant_type=client_credentials'
A successful response will have a response code of 200, and a body like this.
{
"token_type": "Bearer",
"access_token": "C6fgvWRISzNxA7MkVSk21XqdRN8O",
"issued_at": 1550254644,
"expires_in": 3599,
"status": "approved",
"refresh_token": null,
"refresh_token_issued_at": 0,
"refresh_token_expires_in": 0,
"application_list": [
"Payments",
],
"scope": "charges read store_token create update delete refunds"
}
A few things to note:
access_token
is your token.token_type
value tells you the type of token. You can safely create your Authorization header using this template: {token_type} {access_token}
(i.e. The token_type
, a space, and the access_token
value).issued_at
value is the UNIX epoch when this token was issued.expires_in
value tells you how many seconds after issued_at
that the token will remain valid. If you use this value to determine when to retrieve a new token, allocate some buffer time to account for network travel.scope
value is a space-delimited list of scopes allowed for this token. If you didn't provide a scope value in your request, then it is also a list of the scopes allowed for your user.When making a request to a protected endpoint, populate your Authorization
header with {token_type} {access_token}
.
curl -X POST \
'https://$Host/protected_endpoint' \
-H 'Authorization: Bearer C6fgvWRISzNxA7MkVSk21XqdRN8O' \
...
Read the following article that will help you get started quickly: