API Authentication
GraphQL requests (Braintree In-Person mutations) can be authenticated in one of two ways.
This is the ideal method if you're developing a custom application for a single merchant or offering a solution in which the merchant is fully responsible for the code calling the API and infrastructure surrounding it. In this model, a merchant logs in to the Braintree Control Panel to (public and private keys), copies and securely stores them, and makes API calls with them as a base64-encoded string, .
This is the ideal method if you're developing a single application or codebase leveraged by multiple merchants. This method removes the need for merchants to copy and paste credentials by replacing them with a web-based permission-granting flow within your application.
You will need to , , and on behalf of each of your merchants. Your application will also need to monitor token expiry and refresh tokens behind the scenes before they expire, as needed.
You cannot grant 3rd Party permissions to your own account. For testing and development, you will need to . One account will act as the application owner, and the other will simulate a test merchant.
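One way to handle the expiry monitoring described above is a per-merchant token store that refreshes shortly before expiry. This is an added example, not Braintree's code: `MerchantToken`, `TokenStore`, `refresh_fn` and the 300-second margin are hypothetical, and `refresh_fn` stands in for whatever call your application makes to exchange a refresh token for new tokens.

```python
import threading
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class MerchantToken:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute expiry, epoch seconds


class TokenStore:
    """Per-merchant OAuth tokens, refreshed shortly before they expire."""

    def __init__(self, refresh_fn, skew_seconds=300, clock=time.time):
        self._refresh_fn = refresh_fn   # hypothetical: refresh_token -> MerchantToken
        self._skew = skew_seconds       # refresh this long before expiry
        self._clock = clock             # injectable so expiry logic can be tested
        self._tokens = {}               # in production: encrypted at rest, never logged
        self._lock = threading.Lock()   # stops two threads refreshing the same token

    def put(self, merchant_id, token):
        with self._lock:
            self._tokens[merchant_id] = token

    def access_token(self, merchant_id):
        with self._lock:
            token = self._tokens[merchant_id]  # KeyError: merchant never granted access
            if self._clock() >= token.expires_at - self._skew:
                # If refresh_fn raises, the old entry is kept and the error surfaces.
                token = self._refresh_fn(token.refresh_token)
                # Assumption: the response may carry a new refresh token; store it.
                self._tokens[merchant_id] = token
            return token.access_token


if __name__ == "__main__":
    now = [0.0]  # constructed clock

    def fake_refresh(refresh_token):  # constructed stand-in for the refresh call
        return MerchantToken("access-new", "refresh-new", now[0] + 3600)

    store = TokenStore(fake_refresh, clock=lambda: now[0])
    store.put("merchant_a", MerchantToken("access-old", "refresh-old", 3600))
    print(store.access_token("merchant_a"))
    now[0] = 3400  # inside the refresh margin
    print(store.access_token("merchant_a"))
```
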