myPOS Rest API uses oAuth2 for authorizing the HTTP requests. For more information please refer to the docs: https://www.oauth.com. The oAuth2 Token is sent in the header of every request. The Client ID and Client Secret are available in the myPOS Web Account. 

 

 

oAuth Credentials

To generate your personal set of credentials, go to your myPOS Account. There you can manage your already generated credentials as well as generate new ones.

 

 

Token generation

After obtaining your Client ID and Client Secret, generating an oAuth Token is standard. myPOS REST API currently supports only "client credentials" grant type for oAuth Token generation.

 

To generate a token, send an HTTP POST request to:

 

For production environment - https://auth-api.mypos.com/oauth/token 

 

For test environment - https://sandbox-auth-api.mypos.com/oauth/token 

 

The request should be with:

 

Headers

Content-Type = application/x-www-form-urlencoded

Authorization = "Basic " + base64 encoded value of concatenated Client ID and Client Secret using a colon for concatenation.

Make sure you replace {base64encode(client_id:client_secret)} with an actual base64 encoded string.

 

Body

grant_type = "client_credentials" or authorization_code" or "refresh_token"

scope = "webhooks" when using oAuth for the WebhookAPI

 

Examples

curl -X POST \
  https://auth-api.mypos.com/oauth/token \
  -H 'Authorization: Basic {base64encode(client_id:client_secret)}' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials'
import requests 
import base64 

requests.post(
    url='https://auth-api.mypos.com/oauth/token', 
    headers={
        'Content-Type': 'application/x-www-form-urlencoded', 
        'Authorization': 'Basic %s' % base64.b64encode('client_id:client_secret'.encode('utf-8').decode('utf-8')) 
    }, 
    data=dict(
        grant_type='client_credentials'
    )
)
const request = require('request');

const options = {
    method: 'POST',
    url: 'https://auth-api.mypos.com/oauth/token',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': `Basic ${Buffer.from("client_id:client_secret").toString('base64')}`
    },
    form: {
        grant_type: 'client_credentials'
    }
};

request(options, (err, res, body) => {
    // TODO: Handle response
});
<?php

$request = new HttpRequest();
$request->setUrl('https://auth-api.mypos.com/oauth/token');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
  'Content-Type' => 'application/x-www-form-urlencoded',
  'Authorization' => 'Basic ' . base64_encode('client_id:client_secret')
));

$request->setContentType('application/x-www-form-urlencoded');
$request->setPostFields(array(
  'grant_type' => 'client_credentials'
));

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}

 

 

Token Revocation

To revoke an oAuth Token send an HTTP request to https://api.mypos.com/oauth/revoke with:

 

Headers

Content-Type = application/x-www-form-urlencoded

Authorization = "Basic " + base64 encoded value of concatenated Client ID and Client Secret using a colon (“:”)  (Postman) or semicolon (“;”)  for concatenation.

Make sure you replace {base64encode(client_id:client_secret)} with an actual base64 encoded string.

 

Body

token = <the_token_to_revoke>

 

Examples

curl -X POST \
  https://auth-api.mypos.com/oauth/revoke \
  -H 'Authorization: Basic {base64encode(client_id:client_secret)}' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'token=vjqje92BWVesdh8TE6nBfepst0mf11wHA6VnR5RhN6'
import requests 
import base64 

requests.post(
    url='https://auth-api.mypos.com/oauth/revoke', 
    headers={
        'Content-Type': 'application/x-www-form-urlencoded', 
        'Authorization': 'Basic %s' % base64.b64encode('client_id:client_secret'.encode('utf-8')).decode('utf-8') 
    }, 
    data=dict(
        token='vjqje92BWVesdh8TE6nBfepst0mf11wHA6VnR5RhN6'
    )
)
const request = require('request');

const options = {
    method: 'POST',
    url: 'https://auth-api.mypos.com/oauth/revoke',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': `Basic ${Buffer.from("client_id:client_secret").toString('base64')}`
    },
    form: {
        token: 'vjqje92BWVesdh8TE6nBfepst0mf11wHA6VnR5RhN6'
    }
};

request(options, (err, res, body) => {
    // TODO: Handle response
});
<?php

$request = new HttpRequest();
$request->setUrl('https://auth-api.mypos.com/oauth/revoke');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
  'Content-Type' => 'application/x-www-form-urlencoded',
  'Authorization' => 'Basic ' . base64_encode('client_id:client_secret')
));

$request->setContentType('application/json');
$request->setPostFields(array(
  'token' => 'vjqje92BWVesdh8TE6nBfepst0mf11wHA6VnR5RhN6'
));

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}