API Key and Session Tokens
At this section we describe how to work with API Keys and Session Tokens API
As we mentioned before, an API Key is an authentication sign method which should be used to make requests to the Channex PCI API endpoints.
You should protect your API Keys to prevent leaks. Don’t store API Keys in your Source Code and limit the count of people who have access to the API Keys.
API Key is represented with the next fields:
id unique identifier based at UUID v.4
api_key API Key value (Masked)
description String field with custom human readable notes about API Key if provided (Can be used to show where this key is used)
status Enumerable field with 2 possible values (active, revoked). If key is active you can use it to perform operations.
created_at Timestamp, when API Key was created.
revoked_at Timestamp, when API Key was revoked.Method to get list of existing API Keys associated with the account.
Request
Success Response
GET https://pci.channex.io/api/v1/api_keys?api_key={YOUR_API_KEY}
{
"data": [
{
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "...4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
]
}
Method will return success result with code
200 OK and list of api_key under data node.Method to create a new API Key.
Request
Success Response
POST https://pci.channex.io/api/v1/api_keys?api_key={YOUR_API_KEY}
{
"api_key": {
"description": "API KEY description"
}
}
{
"data": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "4cdced9e31ef4f36ad9a4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
}
Method will return success result with code
200 OK. Response will contain api_key structure.API Key will be visible only at this response, all other methods will not show the API Key again. The API Key will be automatically generated and show once only.
Method to get information about the API Key by ID.
Request
Success Response
GET https://pci.channex.io/api/v1/api_keys/{id}?api_key={YOUR_API_KEY}
{
"data": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"type": "api_key",
"attributes": {
"id": "4cdced9e-31ef-4f36-ad9a-3c9512f5646e",
"api_key": "...4a39b3",
"description": "Application key",
"status": "active",
"created_at": "2020-06-08T05:49:10.979Z",
"revoked_at": null
}
}
}
Method will return success result with code
200 OK. Response will contain api_key structure.Method to revoke API Key. After this action, each request signed by a revoked key will fail and return an Authorization error.
Request
Success Response
DELETE https://pci.channex.io/api/v1/api_keys/{id}?api_key={YOUR_API_KEY}
Status: 204 No Content
Method will return success result with code
204 No Content. Response will contain api_key structure.Embedded operations at Channex PCI will expect to receive a
Session Token as an authorization sign. To generate a Session Token, you can use the next method:Request
Response
POST https://pci.channex.io/api/v1/session_tokens?api_key={YOUR_API_KEY}
{
"session_token": {
"scope": "card"
}
}
{
"data": {
"id": "string",
"type": "session_token",
"attributes": {
"session_token": "string",
"scope": "card"
}
}
}
Please, take a look at the scope argument, it represents how you can use created the
Session Token. The scope allows 2 values: card and service_code.If
Session Token created with scope card you can use it to get the card information, but does not include the Service Code for this card.If
Session Token created with scope service_code you will only see the Service Code and not the card details.Last modified 2yr ago