Communication API differs from other integration points in that it is not hosted by us, but by you - built to a specification provided by Shaype. This API defines a set of webhooks that we will call to notify you about various platform events, like card transactions or customer details changes. This also means that it will be us authenticating against your endpoints.
We currently support two authentication schemes: Long-living Bearer token, and OAUTH2.
Long-living Bearer token
When this scheme is selected, you will provide us with a long-living authentication token that we will configure in Shaype platform, and will be sending with our notification requests as an Authentication: Bearer HTTP header.
OAUTH2
When this scheme is selected, you will have to provide us with OAUTH2 access token endpoint and necessary grant. We currently support client_credentials
and refresh_token
grant types. We will call the token endpoint and use the returned access token when sending our notification requests as an Authentication: Bearer HTTP header.
The table below outlines configurable options on our end that allow flexibility when integrating with your OAUTH2 infrastructure.
Setting | Description | Example |
---|---|---|
Auth host | The token retrieval endpoint | https://your.auth.host.com/oauth/token |
Webhook host | The base URL for webhook endpoints hosted by you. The events will be sent to the Webhook host followed by /api/hay/v0/communications/email ,/api/hay/v0/communications/notifications and/api/hay/v0/communications/sms | https://your.comms.host.com/shaype/events |
Secret | Shared grant of client_credentials or refresh_token type | |
Client ID | The client ID that you assign to Shaype | |
Refresh time (seconds) | Determines the lifetime of access token received from the token endpoint (in seconds) | 82800 (23h) |
Grant type | Grant type we should pass to the token retrieval endpoint | client_credentials orrefresh_token |
Audience | Optional audience type we should pass to the token retrieval endpoint | |
Encoding type | Determines how the parameters passed to the token retrieval endpoint should be encoded. Possible options: - Url-encoded form - JSON body |