The Phase 2 release may bring breaking changes. The documentation page is being updated to reflect new implementations.

Console

Learn more and understand the concept of pasby consumers.

Organisations

An organisation on the pasby developer console is a set of apps that use the same billing. Organisations allow one or more users to control billing and scope permissions for all applications belonging to the organisation. An app always belongs to an organisation.

When you first create an organisation, it will have no applications associated with it.

new organisation dashboard on console

Apps

An app on pasby™ belongs to an organisation and acts as a standalone interface with identities on pasby™. An app relies on the organisation's API keys but contains its own client secret keys and private key for secure communication with pasby servers.

An app is set up in exactly one of these two environments, never both:

  • Production
  • Sandbox

creating an app

Service account files

Great! You now have an organisation and an app; what is crucially left is your API credentials. pasby™ provides API credentials in two layers: one at the organisation layer and the other at the app layer. Both layers eventually come together to exclusively identify you as a consumer.

A service file differs from the service account itself.

The service file is a configuration package wrapped up as a zip folder. This zip folder contains a config.json file and *.pem files. A service account, on the other hand, is simply your consumer clientID, which can also be found in the service file.

Organisation service account

An organisation uses the credentials in its service file to make authorised API calls, authenticating either as the consumer itself or as one of its standalone applications. When an organisation authenticates as a consumer account, it has access to all resources that the consumer account has permission to access.

pasby™ only provides api-keys to organisations. To generate and retrieve your organisation service file with all its credentials, go to Organisation » API config.

generate organisation service account and file

As a security measure, service account files can only be generated once. If you feel your organisation has been compromised and would not like to lose access to your already instated apps, you can quickly reach out to support to help you reset your organisation service account without losing your apps.

App service file

To communicate securely with pasby™, each app owned by an organisation is given its own unique RSA encryption keys. These keys and the application credentials are then zipped into a service file.

generate app service file

Client secret

A client secret is only attributed to apps. These secrets act like your password for authenticating a standalone application on pasby™, especially with ^v2 and above endpoints.

Client secrets are one-off things and should never be shared with anyone.

To generate a client secret, go to App settings » API client » Create new client secret.

Please don't commit your client secrets to GitHub!

The configuration file

Under Service account files we discussed the recognised layers in creating your API credentials. After generating your service account and files, we advise as best practice merging these layers into a config.json file for ease of use on your backend servers.

Here's the ideal config.json file structure:

{
    "type": "app",
    "appid": "app_",
    "consumer": "bcn_",
    "secret": "prd_ || snb_",
    "privatekey": "-----BEGIN RSA PRIVATE KEY-----************-----END RSA PRIVATE KEY-----",
    "apikeys": {
        "live": "bk-live_",
        "test": "bk-test_"
    }
}
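
A pre-flight check for the merged config.json, as an added example that is not pasby's own code: it verifies the field prefixes shown in the structure above and reports files that other local users can read. The function names, the owner-only permission rule and the mapping of prd_/snb_ to Production/Sandbox are assumptions.

```python
import json
import os
import stat
import tempfile

# Prefixes copied from the config.json structure shown on this page.
RULES = {"appid": ("app_",), "consumer": ("bcn_",), "secret": ("prd_", "snb_"),
         "apikeys.live": ("bk-live_",), "apikeys.test": ("bk-test_",)}
# Assumption: prd_ marks a Production secret and snb_ a Sandbox secret.
ENVIRONMENTS = {"prd_": "production", "snb_": "sandbox"}
PEM_HEAD, PEM_TAIL = "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"


def check_config(path):
    """Return (environment, problems) for a merged config.json."""
    problems = []
    # The file holds a client secret and a private key: owner-only access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is readable by group or others")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    if cfg.get("type") != "app":
        problems.append("type must be 'app'")
    keys = cfg.get("apikeys") if isinstance(cfg.get("apikeys"), dict) else {}
    flat = {**cfg, **{f"apikeys.{k}": v for k, v in keys.items()}}
    for field, prefixes in RULES.items():
        value = flat.get(field, "")
        # A bare prefix means the placeholder was never filled in.
        if not isinstance(value, str) or not value.startswith(prefixes) or value in prefixes:
            problems.append(f"{field} is missing or malformed")
    pem = str(cfg.get("privatekey", "")).strip()
    if not (pem.startswith(PEM_HEAD) and pem.endswith(PEM_TAIL)):
        problems.append("privatekey is not a PEM RSA private key")
    return ENVIRONMENTS.get(str(cfg.get("secret", ""))[:4]), problems


def demo(mode):
    """Write a constructed config with the given file mode and check it."""
    cfg = {"type": "app", "appid": "app_EXAMPLE", "consumer": "bcn_EXAMPLE",
           "secret": "snb_EXAMPLE", "privatekey": f"{PEM_HEAD}\nEXAMPLE\n{PEM_TAIL}",
           "apikeys": {"live": "bk-live_EXAMPLE", "test": "bk-test_"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh)
        os.chmod(path, mode)
        return check_config(path)
```

Run `check_config` at service start-up and refuse to boot if the problem list is not empty.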
