Merchant tokens

Merchant tokens are use to work with payment requests.

Creating tokens

When a merchant token is created using the MoneyMoov API, the access token is returned in the API response body. Note, it is not saved in the NoFrixion database, so must be captured and securely stored on the client side.

To create a merchant token use the merchants/tokens POST method ) as shown below:

using System.Net.Http.Json;

const string baseUrl = "<<SANDBOX_URL>>merchants/tokens";

var jwtToken = Environment.GetEnvironmentVariable("NOFRIXION_USER_TOKEN");

var client = new HttpClient();

client.DefaultRequestHeaders.Add("Accept", "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");

var data = new Dictionary<string, string>();
data.Add("MerchantID","xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx");
data.Add("Description","API created token");

HttpContent postData = new FormUrlEncodedContent(data);

try
{
    var response = await client.PostAsync(baseUrl, postData);
    if (response.IsSuccessStatusCode)
    {
        var responseBody = await response.Content.ReadFromJsonAsync<MerchantToken>();
        if (responseBody != null)
        {
            // Resposne body JSON contains merchant token - SAVE THIS! (it isn't stored in the MoneyMoov system)
            Console.WriteLine(responseBody);
        }
    }
    else
    {
        // HTTP error codes will return a MoneyMoov API problem object
        Console.WriteLine(await response.Content.ReadFromJsonAsync<ApiProblem>());
    }
}
catch (Exception e)
{
    Console.WriteLine($"Error: {e.Message}");
}

// Type declarations for returned data
record MerchantToken(string id, string merchantId, string description, string inserted,
            string lastUpdated, string token);

record ApiProblem(string type, string title, int status, string detail);

// These modules allow the code to run on Node.js, they aren't required if running in a browser.
const fetch = require('cross-fetch');
const FormData = require('form-data');

// Remember, the JWT access token must be securely stored - this example uses an environment variable
const jwtToken = process.env.NOFRIXION_USER_TOKEN;

const url = '<<SANDBOX_URL>>merchants/tokens';

// Build data object.
let data = new FormData();
data.append('MerchantID', 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx');
data.append('Description', 'API created token');

const options = {
    method: 'POST',
    headers: {
        Accept: 'application/json',
        Authorization: 'Bearer ' + jwtToken
    },
    body: data
};

fetch(url, options)
    .then(response => response.json())
    // The new merchant token is returned in responseJson => MAKE SURE YOU SAVE THIS! (we don't store it)
    .then(responseJson => console.log(responseJson))
    .catch(err => console.error(err));

# The 'requests' library for Python can be used to make calls to the MoneyMoov API in
# popular python frameworks such as Django and Flask.
import requests
import os

# Remember, the JWT access token must be securely stored ('os' module above allows storage in environment variable)
jwtToken = os.environ['NOFRIXION_USER_TOKEN']

baseUrl = "<<SANDBOX_URL>>merchants/tokens"

headers = {
    "Accept": "application/json",
    "Authorization": f"Bearer {jwtToken}"
}

tokenData = {
    "MerchantID":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "Description":"API created token"
}

response = requests.request("POST", baseUrl, headers=headers, data = tokenData)

if response.ok:
    # Returned JSON data contains the new merchant token => MAKE SURE YOU SAVE THIS! (we don't store it).
    print(response.json())
else:
    # If not OK, response contains MoneyMoov problem (https:#docs.nofrixion.com/reference/error-messages)
    print(response.json())

Viewing tokens

A list of tokens previously issued to a merchant can be retrieved using the merchants/{merchantId}/tokens endpoint. Note, the actual tokens are not returned here:

using System.Net.Http.Json;

var jwtToken = Environment.GetEnvironmentVariable("NOFRIXION_USER_TOKEN");

const string baseUrl = "<<SANDBOX_URL>>merchants";
string merchantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";

var client = new HttpClient();

client.DefaultRequestHeaders.Add("Accept", "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");

try
{
    var response = await client.GetAsync($"{baseUrl}/{merchantId}/tokens");
    if (response.IsSuccessStatusCode)
    {
        var merchantTokens = await response.Content.ReadFromJsonAsync<List<MerchantToken>>();
        if (merchantTokens != null && merchantTokens.Count != 0)
        {
            foreach (var merchantToken in merchantTokens)
            {
                // Display merchant tokens token information
                Console.WriteLine(merchantToken);
            }
        }
        else
        {
            Console.WriteLine("No merchant tokens found.");
        }
    }
    else
    {
        // HTTP error codes will return a MoneyMoov API problem object
        Console.WriteLine(await response.Content.ReadFromJsonAsync<ApiProblem>());
    }
}
catch (Exception e)
{
    Console.WriteLine($"Error: {e.Message}");
}

// Type definitions for returned data
record MerchantToken(string id, string merchantId, string description, string inserted,
            string lastUpdated);

record ApiProblem(string type, string title, int status, string detail);

// This package allows the script to run on node.js, not required for browser use.
const fetch = require('cross-fetch');

// Remember, the JWT access token must be securely store - this example uses an environment variable
const jwtToken = process.env.NOFRIXION_USER_TOKEN;

const baseUrl = '<<SANDBOX_URL>>merchants';
var merchantId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';

const options = { method: 'GET', headers: { Accept: 'application/json', Authorization: 'Bearer ' + jwtToken } };

fetch(`${baseUrl}/${merchantId}/tokens`, options)
    .then(response => response.json())
    // Returns JSON array of merchant tokens.
    .then(responseJson => console.log(responseJson))
    .catch(err => console.error(err));

# The 'requests' library for Python can be used to make calls to the MoneyMoov API in
# popular python frameworks such as Django and Flask.
import requests
import os

# Remember, the JWT access token must be securely stored ('os' module above allows storage in environment variable)
jwtToken = os.environ['NOFRIXION_USER_TOKEN']

baseUrl = "<<SANDBOX_URL>>merchants"
merchantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

headers = {
    "Accept": "application/json",
    "Authorization": f"Bearer {jwtToken}"
}

response = requests.request("GET", f"{baseUrl}/{merchantID}/tokens", headers=headers)

if response.ok:
    # Returns JSON array of merchant tokens.
    print(response.json())
else:
    # If not OK, response contains MoneyMoov problem (https://docs.nofrixion.com/reference/error-messages)
    print(response.json())

Deleting tokens

The /merchants/tokens/{tokenId} DELETE method can be used to delete a merchant token as shown below:

using System.Net.Http.Json;

const string baseUrl = "<<SANDBOX_URL>>merchants/tokens";

var jwtToken = Environment.GetEnvironmentVariable("NOFRIXION_USER_TOKEN");

var client = new HttpClient();

client.DefaultRequestHeaders.Add("Accept", "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwtToken}");

string tokenId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";

try
{
    var response = await client.DeleteAsync($"{baseUrl}/{tokenId}");
    if (response.IsSuccessStatusCode)
    {   
        //HTTP staus "OK" on success.
        Console.WriteLine(response.StatusCode);
    }
    else
    {
        // HTTP error codes will return a MoneyMoov API problem object
        Console.WriteLine(await response.Content.ReadFromJsonAsync<ApiProblem>());
    }
}
catch (Exception e)
{
    Console.WriteLine($"Error: {e.Message}");
}

// Type definitions for returned data
record ApiProblem(string type, string title, int status, string detail);

// This module allows the code to run on Node.js, it's not required if running in a browser.
const fetch = require('cross-fetch');

// Remember, the JWT access token must be securely store - this example uses an environment variable
const jwtToken = process.env.NOFRIXION_USER_TOKEN;

const url = '<<SANDBOX_URL>>merchants/tokens';

// need to specify tokenId to delete
var tokenId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';

const options = {
    method: 'DELETE',
    headers: {
        Accept: 'application/json',
        Authorization: "Bearer " + jwtToken
    }
};

fetch(`${url}/${tokenId}`, options)
    .then(response => response.status)
    // Should get response status 200 on success
    .then(respStatus => console.log(respStatus))
    .catch(err => console.error(err));

# The 'requests' library for Python can be used to make calls to the MoneyMoov API in
# popular python frameworks such as Django and Flask.
import requests
import os

# Remember, the JWT access token must be securely stored ('os' module above allows storage in environment variable)
jwtToken = os.environ['NOFRIXION_USER_TOKEN']

baseUrl = "<<SANDBOX_URL>>merchants/tokens"
tokenID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

headers = {
    "Accept": "application/json",
    "Authorization": f"Bearer {jwtToken}"
}

response = requests.request("DELETE", f"{baseUrl}/{tokenID}", headers=headers)

if response.ok:
    # Process response / reason. Expect "200: OK" on success
    print(f"{response.status_code}: {response.reason}")
else:
    # If not OK, response contains MoneyMoov problem (https:#docs.nofrixion.com/reference/error-messages)
    print(response.json())