Authentication
Note: this tutorial is only dedicated to point out which API methods should be used in order to correctly implement our Mobile SDK. Full API docs can be found at docs.kevin.eu
If you only plan to use one time payments, you don't need to implement authentication to achieve it.
For the account linking which you might use later for AIS or PIS services, you will need to get a state. Asking a user to authenticate within his account will allow you to skip authentication steps when initiating a payment and even skip low value payment SCA steps on some certain banks.
$client = new Client($id, $secret, ['version' => '0.3', 'error' => 'array']);
$attrs = [
'redirectPreferred' => 'false',
'scopes' => 'payments', // multiple scopes can be added separated with comma
'email' => '[email protected]',
'Request-Id' => uniqid(),
'Redirect-URL' => 'https://your.callback.url' // must match SDK callback url
];
$response = json_encode($client->auth()->authenticate($attrs));
Received state value should be passed to the SDK when attempting to link the account.
After the user has successfully linked the account, the Mobile SDK will return a callback with authorizationCode, which can be used to fetch the tokens required for further work with AIS and PIS services.
$client = new Client($id, $secret, ['version' => '0.3', 'error' => 'array']);
$attrs = [
'grantType' => 'authorizationCode',
'code' => 'received-authorization-code-from-Mobile-SDK'
];
$response = json_encode($client->auth()->receiveToken($attrs));
Make sure to save received refresh and access tokens for the further use.
Account access tokens have only a limited duration, so we recommend implementing a token refresh mechanism.
$client = new Client($id, $secret, ['version' => '0.3', 'error' => 'array']);
$attrs = [
'grantType' => 'refreshToken',
'refreshToken' => 'your-refresh-token'
];
$response = json_encode($client->auth()->refreshToken($attrs));
Last modified 10mo ago