Access tokens are used in token-based authentication to give users access to your account’s API or dashboard by supplying the security data required for clearance. Permissions are granted for defined functions and periods and can be deactivated when no longer needed. How access tokens work: a user logs in to a system and passes the access token as a credential when calling the target API or dashboard component. The token indicates that the user is authorised to access and perform certain actions.
To generate a new Access Token:
- Go to Profile menu > Access Tokens > Create New.
- Select the required permissions, give the Access Token a name in the Label field and set the expiry date and time under Expire In. Leave the field blank if you wish the Access Token to remain active indefinitely.
- Additionally, you can restrict use of the access token to specified domain names (for UI only) and to specified IP addresses (for both API and UI). Add these values to the ‘Whitelist Domains’ and ‘Whitelist IPs’ fields.
- Click Create.
- Copy and share the Token as it will not be available in the Dashboard afterwards.
This feature could be useful to provide limited access to your account for reporting or for job-specific responsibilities, without providing full API access.
For example, if you would like to allow a staff member or third party to create a charge but not to have access to view charge data, you can generate an access token with the permission Create Charges. The person with this access token can then create a new charge using x-access-token instead of x-user-secret-key, like so:
curl --location --request POST 'https://api-sandbox.paydock.com/v1/charges' \
  --header 'x-access-token: {{accesstoken}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "amount": "10.00",
    "currency": "AUD",
    "customer": {
      "payment_source": {
        "gateway_id": "5cbede1f151b842653e987be",
        "card_name": "First_Name Last_Name",
        "card_number": "4242424242424242",
        "expire_month": "09",
        "expire_year": "21",
        "card_ccv": "123"
      }
    }
  }'
If you want to restrict the user from making charges, you can disable the access token at any time.
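How the settings described above (permissions, Expire In, Whitelist IPs, Whitelist Domains and disabling) combine into one allow-or-deny decision, as an added conceptual model in Python. It is not Paydock's code: the class, function, permission strings and sample values are hypothetical, and whitelist entries are assumed to be exact addresses and domain names.

```python
# Conceptual model of the checks an access token's settings imply.
# All names are hypothetical; this is not the platform's implementation.
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address
from typing import Optional


@dataclass
class AccessToken:
    label: str
    permissions: frozenset                 # e.g. {"create_charges"} (constructed name)
    expires_at: Optional[datetime] = None  # None models a blank "Expire In"
    whitelist_ips: tuple = ()              # enforced for both API and UI
    whitelist_domains: tuple = ()          # enforced for UI only
    disabled: bool = False


def authorize(token, action, channel, source_ip, now, origin_domain=None):
    """Return (allowed, reason) for one request made with the token."""
    if token.disabled:
        return False, "token disabled"
    if token.expires_at is not None and now >= token.expires_at:
        return False, "token expired"
    if action not in token.permissions:
        return False, "permission not granted"
    if token.whitelist_ips:
        allowed = {ip_address(entry) for entry in token.whitelist_ips}
        if ip_address(source_ip) not in allowed:
            return False, "source IP not whitelisted"
    if channel == "ui" and token.whitelist_domains:
        if origin_domain not in token.whitelist_domains:
            return False, "domain not whitelisted"
    return True, "ok"


# Constructed sample: a token that may only create charges, from one address.
SAMPLE = AccessToken(
    label="charge-entry-contractor",
    permissions=frozenset({"create_charges"}),
    expires_at=datetime(2030, 1, 1, tzinfo=timezone.utc),
    whitelist_ips=("203.0.113.7",),
    whitelist_domains=("app.example.com",),
)

if __name__ == "__main__":
    now = datetime(2029, 6, 1, tzinfo=timezone.utc)
    for action, ip in [("create_charges", "203.0.113.7"), ("view_charges", "203.0.113.7")]:
        print(action, ip, authorize(SAMPLE, action, "api", ip, now))
```

A token with every field left open (no expiry, no whitelists) passes every check except the permission test, which is why the expiry and whitelist fields are worth filling in for tokens handed to third parties.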