Security Tokens
1. Generating a security token
To generate a security token in GoldLeaf, you must first have a valid (non-expired) API key, and the request must come from a valid trusted IP address. You also need to know the API key name.

Obtain a Bearer token by making a POST request to https://goldleaf.app/security/v1/token. This request should come from your back-end server, which must be a trusted IP address for this API key. Your request body must include:

{
  "apiKey": "<yourApiKey>",
  "name": "<yourApiKeyName>",
  "grantType": "client_credentials"
}

The JSON response will be the valid security token:

{
  "securityToken": "<validBearerToken>",
  "expires": "<tokenExpiryDateTime>"
}

With this security token you may now make requests to GoldLeaf from any IP. The token will expire in one hour. Once you have a security token, you can pass it to the GoldLeaf iframe component through your front end.
2. Using a security token to make an API call
To access GoldLeaf APIs, pass the security token as a Bearer token to any of the GoldLeaf API endpoints.
3. Using a Customer API Key security token
To access GoldLeaf restricted Customer APIs, a valid GoldLeaf customerId must be passed in the GET or POST request headers. The customerId is a 24-character hexadecimal string.

{
  "apiCustomerId": "<customerGoldLeafId>"
}

When a customerId is passed with the request, using a security token generated by a customer API key, the results (e.g. pricing) will be specific to that customer.
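The three steps above as a back-end helper. This is an added example, not GoldLeaf's own code: it keeps the API key on the server, caches the token until shortly before expiry, and validates the customerId before sending it. The class name TokenCache, the five-minute refresh margin, the ISO 8601 format of "expires", the JSON Content-Type and the use of the standard Authorization header are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from urllib import request

TOKEN_URL = "https://goldleaf.app/security/v1/token"  # endpoint given on this page
CUSTOMER_ID_RE = re.compile(r"[0-9a-fA-F]{24}")       # 24-character hexadecimal string
REFRESH_MARGIN = timedelta(minutes=5)                 # assumption: renew slightly early

def http_post_json(url, body):
    """Default transport: POST JSON from the trusted back-end, return the parsed reply."""
    req = request.Request(url, data=json.dumps(body).encode(), method="POST",
                          headers={"Content-Type": "application/json"})
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: holds the API key server-side, hands out only tokens."""
    def __init__(self, api_key, name, post=http_post_json,
                 now=lambda: datetime.now(timezone.utc)):
        self._api_key, self._name, self._post, self._now = api_key, name, post, now
        self._token = self._expires = None

    def token(self):
        """Return the cached token; request a new one only when near expiry."""
        if self._token is None or self._now() >= self._expires - REFRESH_MARGIN:
            reply = self._post(TOKEN_URL, {"apiKey": self._api_key, "name": self._name,
                                           "grantType": "client_credentials"})
            self._token = reply["securityToken"]
            self._expires = self._parse_expiry(reply.get("expires"))
        return self._token

    def _parse_expiry(self, value):
        # Assumption: "expires" is ISO 8601. If missing or unparseable, fall back
        # to the one-hour lifetime stated on this page.
        try:
            parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
            return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)
        except (AttributeError, ValueError):
            return self._now() + timedelta(hours=1)

    def headers(self, customer_id=None):
        """Headers for a GoldLeaf API call; the API key never appears in them."""
        if customer_id is not None and not CUSTOMER_ID_RE.fullmatch(customer_id):
            raise ValueError("customerId must be a 24-character hexadecimal string")
        out = {"Authorization": f"Bearer {self.token()}"}  # assumption: standard header
        if customer_id is not None:
            out["apiCustomerId"] = customer_id
        return out
```

Only the value returned by token() should be handed to the front end for the iframe component; the API key and its name stay in the back-end process.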
