API Key and Session Tokens
At this section we describe how to work with API Keys and Session Tokens API
As we mentioned before, an API Key is an authentication sign method which should be used to make requests to the Channex PCI API endpoints.
You should protect your API Keys to prevent leaks. Don’t store API Keys in your Source Code and limit the count of people who have access to the API Keys.
API Key is represented with the next fields:
id
unique identifier based at UUID v.4
api_key
API Key value (Masked)
description
String field with custom human readable notes about API Key if provided (Can be used to show where this key is used)
status
Enumerable field with 2 possible values (active, revoked). If key is active you can use it to perform operations.
created_at
Timestamp, when API Key was created.
revoked_at
Timestamp, when API Key was revoked.Method to get list of existing API Keys associated with the account.
Request
Success Response
GET https://pci.channex.io/api/v1/api_keys?api_key={YOUR_API_KEY}
{
"data": [
{
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "...4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
]
}
Method will return success result with code
200 OK
and list of api_key
under data node.Method to create a new API Key.
Request
Success Response
POST https://pci.channex.io/api/v1/api_keys?api_key={YOUR_API_KEY}
{
"api_key": {
"description": "API KEY description"
}
}
{
"data": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "4cdced9e31ef4f36ad9a4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
}
Method will return success result with code
200 OK
. Response will contain api_key
structure.API Key will be visible only at this response, all other methods will not show the API Key again. The API Key will be automatically generated and show once only.
Method to get information about the API Key by ID.
Request
Success Response
GET https://pci.channex.io/api/v1/api_keys/{id}?api_key={YOUR_API_KEY}
{
"data": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "...4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
}
Method will return success result with code
200 OK
. Response will contain api_key
structure.Method to revoke API Key. After this action, each request signed by a revoked key will fail and return an Authorization error.
Request
Success Response
DELETE https://pci.channex.io/api/v1/api_keys/{id}?api_key={YOUR_API_KEY}
Status: 204 No Content
Method will return success result with code
204 No Content
. Response will contain api_key
structure.Embedded operations at Channex PCI will expect to receive a
Session Token
as an authorization sign. To generate a Session Token
, you can use the next method:Request
Response
POST https://pci.channex.io/api/v1/session_tokens?api_key={YOUR_API_KEY}
{
"session_token": {
"scope": "card"
}
}
{
"data": {
"id": "string",
"type": "session_token",
"attributes": {
"session_token": "string",
"scope": "card"
}
}
}
Please, take a look at the scope argument, it represents how you can use created the
Session Token
. The scope allows 2 values: card
and service_code
.If
Session Token
created with scope card
you can use it to get the card information, but does not include the Service Code
for this card.If
Session Token
created with scope service_code
you will only see the Service Code
and not the card details.Last modified 2yr ago