Français
English
Authentication
Creating AuthAccess
Before you can programmatically authenticate with the FPay API, you must create an AuthAccess object. To do this, you need to go to the AuthAccess tab in the menu of your console .
This object manages authentication and authorizations during interaction between your system and ours. For the moment, it is possible to define the following authorizations on this object:
-
money-in-only: Only API requests to bring money into your account can be made with this AuthAccess object. -
read-only: Only read API requests can be made with this AuthAccess object. It will be possible for example to retrieve the transaction list programmatically and impossible to transfer money or to create another new AuthAccess object. -
read/money-in: Only read API requests AND requests to bring money into your account can be made with this AuthAccess object. -
read-write/no-money-out: Read or write API requests can be made but it won't be possible to transfer money out of your account. Note that it is also impossible to create an AuthAccess with this object that will allow transfer money out of your account. -
full-access: All possibles API requests on your account can be done with this object
Information
Regarding access control, our engineers are currently working on a more advanced system of permissions and authorizations management. You will have more choices than the previous permissions in a near future update that will be retro-compatible with any code written now.
More powerful than ACL (Acces Control List) and RBAC (Role Based Access Control), the ABAC (Attribute-based access control) paradigm will be used for this radically innovative permission system.
Regarding access control, our engineers are currently working on a more advanced system of permissions and authorizations management. You will have more choices than the previous permissions in a near future update that will be retro-compatible with any code written now.
More powerful than ACL (Acces Control List) and RBAC (Role Based Access Control), the ABAC (Attribute-based access control) paradigm will be used for this radically innovative permission system.
Using AuthAccess
Any AuthAccess object created has several attributes of which the 2 main ones that will be useful immediately are the following :
-
token -
secretKey
We are in the most important part of this page. We cannot emphasize enough on security and regarding this, we recommend you to read carefully the following message.
Important
The value of the field named
The value of the field named
secretKey must be kept absolutely secret and used only on your servers. This implies that you should never use the value of this field as a variable or constant in the source code of a mobile application, a web application or in the source code of any application whose binary may be public and visible to all. There are many tools to access strings in the source code from a binary around here. We will explain later how to collect money via a mobile application.