Authentication
All B2B Receivables API endpoints require an Authorization header using the Bearer authentication scheme.
Partners obtain an access token by using the OAuth 2.0 client credentials flow, as defined in RFC 6749, section 4.4.
The token lifetime is returned as part of the token response.
URL path - /billing/oauth2/token
Method - POST
Overview
Use this endpoint to obtain an access token before calling protected B2B Receivables API endpoints.
Partner-specific credentials and scopes are provided during onboarding.
Request Headers
| Header Name | Header Value |
|---|---|
| Content-Type | application/x-www-form-urlencoded |
| Authorization | Basic base64(Username:Password) |
The username and password used for Basic authentication are partner-specific API credentials.
Form Parameters
| Parameter Key | Parameter Data Type | Required | Notes |
|---|---|---|---|
| grant_type | string | Y | Parameter value must be set to client_credentials |
| scope | string | Y | The scope of the access request as described by the RFC |
Scopes
| Scope | Grants |
|---|---|
| billing:customers:invite | Mint customer signup invitations |
| billing:customers:read | List customers |
| billing:batches:submit | Submit batches of debit instructions |
| billing:batches:read | Retrieve batch status |
Each scope is granted independently. Partners are granted the scopes their integration requires during onboarding. Request only the scopes the integration uses.
Credentials are issued at the Organisation level. A single set of credentials can be used to act on any Site that belongs to the Organisation; the target Site is identified by the {siteId} path segment in each request.
Response
Status Code - 200 OK
| Parameter Key | Parameter Data Type | Required | Notes |
|---|---|---|---|
| access_token | string | Y | Bearer token used to call protected APIs |
| token_type | string | Y | Authentication scheme. Expected value: Bearer |
| expires_in | integer | Y | Token lifetime in seconds |
| scope | string | Y | Granted scopes |
Examples
Request
POST /billing/oauth2/token HTTP/1.1
Host: sample.pyng.com.au
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=billing:customers:invite%20billing:customers:read%20billing:batches:submit%20billing:batches:read
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
  "access_token": "access_token_example",
  "token_type": "Bearer",
  "expires_in": 900,
  "scope": "billing:customers:invite billing:customers:read billing:batches:submit billing:batches:read"
}
Error Response
HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8

{
  "error": "invalid_client",
  "error_description": "Client authentication failed"
}
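Client-side handling of the request and response documented above, as an added example that is not part of the original documentation or the provider's own code. It builds the headers and form body for a least-privilege scope request, then validates a token response before the token is used. The function names and the 60-second refresh margin are assumptions.

```python
import base64
import time
from urllib.parse import quote, urlencode

# The four scopes listed on this page.
KNOWN_SCOPES = {"billing:customers:invite", "billing:customers:read",
                "billing:batches:submit", "billing:batches:read"}
REFRESH_MARGIN_S = 60  # assumption: renew this many seconds before expiry


def build_token_request(username, password, scopes):
    """Return (headers, body) for POST /billing/oauth2/token."""
    unknown = set(scopes) - KNOWN_SCOPES
    if not scopes or unknown:
        raise ValueError(f"invalid scope request: {sorted(unknown)}")
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    }
    # Space-delimited scopes, encoded as %20 like the page's sample request.
    body = urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)},
        safe=":", quote_via=quote)
    return headers, body


def parse_token_response(status, payload, needed_scopes, now=None):
    """Validate a token response; return (bearer_headers, refresh_at)."""
    if status != 200:
        # Surface only the error code; never log the Basic credentials.
        raise PermissionError(f"token request failed: {payload.get('error')}")
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    missing = set(needed_scopes) - set(str(payload.get("scope", "")).split())
    if missing:
        raise PermissionError(f"scopes not granted: {sorted(missing)}")
    now = time.time() if now is None else now
    refresh_at = now + max(int(payload["expires_in"]) - REFRESH_MARGIN_S, 0)
    return {"Authorization": f"Bearer {payload['access_token']}"}, refresh_at


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    hdrs, form = build_token_request("partner-user", "partner-pass",
                                     ["billing:batches:read"])
    print(form)
```

Comparing the granted `scope` value against what the integration needs catches a credential that was provisioned with fewer scopes than expected before the first protected call fails.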