B2B Cloud Authentication

C#PHPNodeShell

Scroll down for code samples, example requests and responses.
Select a language for code samples from the tabs or the mobile navigation menu.

Request an access token for the B2B SoftPOS channel.

POST /softpos/appenrollment/token

This must be called from the merchant's backend in MTLS using the developer certificate.

Parameters

content-typestringrequired
Specifies the media type of the resource or the data being sent in the request body. For form submissions, use 'application/x-www-form-urlencoded'.

Request an access token for the B2B SoftPOS channel.

C#
PHP
Node
Shell

var client = new RestClient("https://b2bsoftpos.nexigroup.com/softpos/appenrollment/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "SOME_STRING_VALUE");
IRestResponse response = client.Execute(request);

Request body

grant_typestringrequiredexample: client_credentials
client_idstringrequiredexample: <APP_ID>
client_secretstringrequiredexample: <APP_SECRET>

Request body

{
    "grant_type": "client_credentials",
    "client_id": "<APP_ID>",
    "client_secret": "<APP_SECRET>"
}

Responses

200Successoptional
- access_tokenstringoptionalexample: <BE_MERCH_TOKEN>
- token_typestringoptionalexample: Bearer
- expires_inintegeroptionalexample: 3600

200

{
    "access_token": "<BE_MERCH_TOKEN>",
    "token_type": "Bearer",
    "expires_in": 3600
}

Retrieve the public key used to encrypt the client_assertions for the PAR API.

GET /softpos/par/jwks.json

Used to sign payment_assertions in the SDK.

Parameters

Retrieve the public key used to encrypt the client_assertions for the PAR API.

C#
PHP
Node
Shell

var client = new RestClient("https://b2bsoftpos.nexigroup.com/softpos/par/jwks.json");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);

Responses

200Successoptional
- keysarrayoptional
  - ktystringoptionalexample: RSA
  - kidstringoptionalexample: example_key_id
  - usestringoptionalexample: enc
  - nstringoptionalexample: ...
  - estringoptionalexample: AQAB

200

{
    "keys": [
        {
            "kty": "RSA",
            "kid": "example_key_id",
            "use": "enc",
            "n": "...",
            "e": "AQAB"
        }
    ]
}

Perform a Pushed Authorization Request (PAR).

POST /softpos/as/par

According to RFC 9126. This must be called from the merchant's backend in MTLS using the developer certificate.

Parameters

content-typestringrequired
Specifies the media type of the resource or the data being sent in the request body. For form submissions, use 'application/x-www-form-urlencoded'.

Perform a Pushed Authorization Request (PAR).

C#
PHP
Node
Shell

var client = new RestClient("https://b2bsoftpos.nexigroup.com/softpos/as/par");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "SOME_STRING_VALUE");
IRestResponse response = client.Execute(request);

Request body

client_assertionstringrequiredexample: <CLIENT_ASSERTION>
client_idstringrequiredexample: <APP_ID>
scopestringrequiredexample: <SCOPES>
redirect_uristringrequiredexample: <APP_REDIRECT_URI>

Request body

{
    "client_assertion": "<CLIENT_ASSERTION>",
    "client_id": "<APP_ID>",
    "scope": "<SCOPES>",
    "redirect_uri": "<APP_REDIRECT_URI>"
}

Responses

201Createdoptional
- request_uristringoptionalexample: <REQUEST_URI>
- expires_inintegeroptionalexample: 90

201

{
    "request_uri": "<REQUEST_URI>",
    "expires_in": 90
}