API Authentication

Last updated 1 year ago

Choosing an Authentication Option for your POS Solution

GraphQL requests (Braintree In-Person mutations) can be authenticated in one of two ways.

1st Party API Caller (API Keys) - Basic Authentication

This is the ideal method if you're developing a custom application for a single merchant or offering a solution in which the merchant is fully responsible for the code calling the API and the infrastructure surrounding it. In this model, a merchant logs in to the Braintree Control Panel to generate API Keys (public and private keys), copies and securely stores them, and makes API calls with them as a base64-encoded string, as outlined here for GraphQL.

3rd Party Application (OAuth) - Bearer Authentication

This is the ideal method if you're developing a single application or codebase leveraged by multiple merchants. This method removes the need for merchants to copy and paste credentials by replacing them with a web-based permission-granting flow within your application.

You will need to create an OAuth Application, implement the merchant-facing web-based OAuth Flow, and store the AccessToken and RefreshToken on behalf of each of your merchants. Your application will also need to monitor token expiry and refresh tokens behind the scenes before they expire.

You cannot grant 3rd Party permissions to your own account. For testing and development, you will need to create two Braintree sandbox accounts. One account will act as the application owner, and the other will simulate a test merchant.
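
The two options above differ only in how the `Authorization` header is produced. The sketch below is an added example, not code from the Braintree documentation: it builds the Basic header from a key pair and keeps per-merchant OAuth tokens fresh before building the Bearer header. `TokenStore`, `MerchantTokens`, the `refresh` callback and the five-minute margin are all assumptions for illustration; the refresh request itself is not shown on this page and is left to the caller.

```python
import base64
import time
from dataclasses import dataclass
from typing import Callable

REFRESH_MARGIN_S = 300  # assumed margin: refresh 5 minutes before expiry


def basic_auth_header(public_key: str, private_key: str) -> dict:
    """1st party: Basic scheme over base64("public_key:private_key")."""
    if not public_key or not private_key or ":" in public_key:
        raise ValueError("malformed API key pair")
    raw = f"{public_key}:{private_key}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


@dataclass(repr=False)
class MerchantTokens:
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds

    def __repr__(self) -> str:  # keep token values out of logs and tracebacks
        return f"MerchantTokens(expires_at={self.expires_at:.0f}, tokens=<redacted>)"


class TokenStore:
    """Per-merchant OAuth tokens, refreshed shortly before they expire."""

    def __init__(self, refresh: Callable[[str], MerchantTokens], clock=time.time):
        self._refresh = refresh  # hypothetical callback wrapping the refresh call
        self._clock = clock
        self._by_merchant = {}

    def put(self, merchant_id: str, tokens: MerchantTokens) -> None:
        self._by_merchant[merchant_id] = tokens

    def bearer_header(self, merchant_id: str) -> dict:
        tokens = self._by_merchant[merchant_id]
        if tokens.expires_at - self._clock() <= REFRESH_MARGIN_S:
            # Save whatever the refresh returns before using it, so the next
            # request starts from the newest token pair.
            tokens = self._refresh(tokens.refresh_token)
            self._by_merchant[merchant_id] = tokens
        return {"Authorization": "Bearer " + tokens.access_token}
```

In a real deployment the in-memory dictionary would be replaced by encrypted storage, and the private key or tokens would be loaded from a secrets manager rather than source code.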