How do I add an API key on Paytia?

How do I add an enhanced API key security on Paytia?

Generate a API key for your Paytia account and activate tokens

Note: this is a licenced service adding enhanced security through the use of access tokens and pre-authorisation before making your API post request.

The Paytia service requires API keys to be generated if your business or developers are integrating new services to Paytia merchant accounts.

The API key specifies the merchant account on the Paytia platform that an application will utilise when sending data to Paytia.

The API key is a licenced product and when active allows the Paytia customer to generate their own API keys from their Paytia administrative console.

API Secret Key

The API key is generated in the
Account security > API secret key sub-menu


Adding the API settings

You can choose to restrict access to your account by IP address as well as API key. 



All you need to do is pick the webhook settings output type

Single JSON data - this will give the output as one string of data

Multiple JSON data - this will separate each field sent as a new line of data in the JSON (Worldpay Corporate Gateway only)

Now click Save to activate your API key and settings on your account.

You will see your KEY is saved and active.



You will now see you have an additional Button in your Action column. This is for 'Generate tokens'.

If you click the 'Generate tokens' button you will see you have access keys.


To activate the service use the radio slider set to Green = ON

Now copy the Client ID and Client Secret. You will use these values with a new Paytia API pre-authorisation API service.

NOTE: The ‘client_id’ is a public identifier for apps. It must also be unique across all Paytia client API connections that our authorization server handles. Even though it’s public, the 32-character hex string is complex for added security.
NOTE: The ‘client_secret’ is a secret value known only to the application and the authorization server. It must be sufficiently random to not be guessable, you should, therefore, avoid using common UUID libraries which often take into account the timestamp or MAC address of the server generating it.
NOTE: The ‘access_token’ will be generated from your authorisation POST of the Client ID & Client Secret pair (in raw JSON format). This will be a time-limited token with auto expiry in one hour from key generation. The ‘access_token’ will be used to further authenticate the API requests made into Paytia.
NOTE: ‘refresh_token’ will be generated from your authorisation POST of the Client ID & Client Secret pair (in raw JSON format). The ‘refresh_token’ will be used to generate a new ‘access_token’ when the token expires. The ‘refresh_token’ will then be regenerated and returned with each ‘access_token’ creation to allow continued renewals of secure credentials to be generated.

The new API URL endpoint your will post to is /api/authorize
Example https://accounts.paytia.com/api/authorize 

Example post

curl --location 'https://accounts.paytia.com/api/authorize
--header 'X-API-KEY: 10ccd130aab3511a72b0a8fb68ae5e21d45c1392d671c65f04973c238495dd344' \
--header 'Cookie: ci_session=19johr4r63q758b60cigskiqvj4qtkeu' \
--form 'client_id="hgCHZzsrsBpDZFwzEzDNSdEsApP1qwa86NxVswjfM0IA="' \
--form 'client_secret="z/FZZiK0ouEE/AbUZWrNZjyRksNF8lZ3MioI9nCyQrADS="' \
--form 'refresh_token="elkLoWa38yuzgCNMXmBxgQ6//cU+M2Grkjd1nuHy0aYAA="'

Like all Paytia API's you will send a post request including your X-API-KEY value as a header field
In the body of the post you will send the client_id, client_secret values

When you post in, Paytia will send you a refresh token you can use in future posts to refresh the access session. 


    • Related Articles

    • How do I add an API key on Paytia?

      Generate a API key for your Paytia account The Paytia service requires API keys to be generated if your business or developers are integrating new services to Paytia merchant accounts. The API key specifies the merchant account on the Paytia platform ...

    • How do I add an user?

      Adding agents for capturing User ID and security pin Agents exist in the system for two licenses; Capturing an User ID number when using the Paytia service by telephone handset only Providing the user access to the Paytia SAgent Capture Assist web ...

    • Paytia API exception handling

      The Paytia API services generate status update webhook posts to allow the process and status updates to be tracked. Outside of the standard API posts there is also exception handling required for telephony. Paytia will send update webhooks for status ...

    • Webhooks sent from Paytia to API users for the payment capture IVR flow

      Paytia IVR webhook flow The initial post into Paytia will return a URL for the Paytia iframe. If you do not want to use the iframe you can ignore that response post ‘url’ value. Note: Paytia will maintain the reference_id value throughout the payment ...

    • API details

      What can I see in the API details view? API details shows you all the internal API exchange between Paytia telephony and API services. This is used for troubleshooting and transparency of the data passed internally on the Paytia service. The API ...