Skip to main content

Authentication

The system offers two distinct APIs to meet different integration needs:

API Data

Gateway API

This API is used for payment gateway operations:

Other APIs

These APIs are used for additional functionalities:

This method is used to obtain an authentication token, required to execute other API methods.

Prerequisites

To access the API and consume its functionalities, follow the steps below:

  1. Provide the necessary data to our team:

    • CNPJ of the company that will perform the transactions;
    • Company Name (Razão Social);
    • Contact information of the technical team responsible for the integration;
    • Production server IP that will make the requests.

  2. Obtain the userName and password after submitting the requested information.

  3. Perform login using the authentication endpoints with the provided userName and password.

  4. Receive the authentication token in the accessToken field as a response to the request.

  5. Include the token in the Authorization header to access other API endpoints.

  6. Renew the token before it expires to ensure continuity of operations.

Authentication Endpoints

Depending on the API used, the authentication endpoints are different. Below are the details of each one.

Gateway API Endpoint

POST /api/auth/token

Request

Example of a REST request with the body in JSON format:

Request
{
  "userName": "string",
  "password": "string"
}

Request Parameters

HEADERDESCRIPTIONTYPESIZENOTES
UserNameAPI access usernameString30Credentials provided by Sopague
PasswordAPI access user passwordString256Credentials provided by Sopague

Success Response

Response
{
  "authenticated": true,
  "created": "2023-01-01T14:25:28.913Z",
  "expiration": "2023-01-01T14:25:28.913Z",
  "accessToken": "string",
  "message": "string"
}

Other APIs Endpoint

POST /api/authentication/login

Request

Example of a REST request with the body in JSON format:

Request
{
  "userName": "string",
  "password": "string"
}

Request Parameters

HEADERDESCRIPTIONTYPESIZENOTES
UserNameAPI access usernameString30Credentials provided by Sopague
PasswordAPI access user passwordString256Credentials provided by Sopague

Success Response

Response
{
  "authenticated": true,
  "created": "2023-01-01T14:25:28.913Z",
  "expiration": "2023-01-01T14:25:28.913Z",
  "accessToken": "string",
  "message": "string"
}

Authentication Header

In all API calls (except for token retrieval), it is necessary to include the following header:

KeyValue
AuthorizationBearer eyJhbGciOiJSUzIlxdWVtZS[...]mj2m65fJfvmjdVXp6dQ

Details

  • The Bearer authentication type never changes.
  • The token value (example: eyJhbGciOiJSUzIlxdWVtZS[...]mj2m65fJfvmjdVXp6dQ) is obtained through authentication methods.

Important Notes

Attention
  • Tokens have an expiration date. It is the integrator system's responsibility to renew the token before it expires to continue making calls.