Console
Learn more and understand the concept of pasby consumers.
Organizations
An organization on the pasby developer console is a set of apps that use the same billing. Organizations allow one or more users to control billing and scope permissions for all applications belonging to the organization. An app always belongs to an organization.
When you first create an organization, it has no applications associated with it.
Apps
An app on pasby™ belongs to an organization and acts as a standalone interface with identities on pasby™. An app relies on the organization's API keys but contains its own client secret keys and private key for secure communication with pasby servers.
An app is set up in one of these two environments, but not both:
- Production
- Sandbox
Service account files
Great! You now have an organization and an app; what is crucially left is your API credentials. pasby™ provides API credentials in two layers: the organization layer and the app layer. Both layers eventually come together to uniquely identify you as a consumer.
A service file differs from the service account itself.
The service file is a configuration package wrapped up as a zip folder. This zip folder contains a config.json file and *.pem files. On the other hand a service account is simply your consumer clientID which can also be found in the service file.
Organization service account
An organization uses the credentials in its service file to make authorised API calls, authenticating either as the consumer itself or as one of its standalone applications. When an organization authenticates as a consumer account, it has access to all resources that the consumer account has permission to access.
pasby™ only provides api-keys to organizations. To generate and retrieve your organization service file with all its credentials, go to Organization » API config.
As a security measure, service account files can only be generated once. If you believe your organization has been compromised and you don't want to lose access to your existing apps, reach out to support, who can reset your organization service account without you losing your apps.
App service file
To communicate securely with pasby™, each app owned by an organization is given its own unique RSA encryption keys. These keys and the application credentials are then zipped into a service file.
Client secret
A client secret is only attributed to apps. These secrets act like your password for authenticating a standalone application on pasby™, especially with ^v2 and above endpoints.
Client secrets are one-off things and should never be shared with anyone.
To generate a client secret, go to App settings » API client » Create new client secret.
Please don't commit your client secrets to GitHub!
The configuration file
In the service account files section above, we discussed the recognised layers of your API credentials. After generating your service account and files, we advise as best practice merging these layers into a config.json file for ease of use on your backend servers.
Here's the ideal config.json file structure.
{
  "type": "app",
  "appid": "app_",
  "consumer": "bcn_",
  "secret": "prd_ || snb_",
  "privatekey": "-----BEGIN RSA PRIVATE KEY-----************-----END RSA PRIVATE KEY-----",
  "apikeys": {
    "live": "bk-live_",
    "test": "bk-test_"
  }
}
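A pre-flight check a backend could run on the merged config.json before using it, as an added example that is not pasby's own code. The prefixes come from the template above; the function names, the rule that identifiers contain no spaces, and the POSIX owner-only file-mode requirement are assumptions.

```python
import json
import os
import stat

# Prefixes taken from the config.json template on this page.
PREFIXES = {"appid": ("app_",), "consumer": ("bcn_",), "secret": ("prd_", "snb_")}
KEY_PREFIXES = {"live": "bk-live_", "test": "bk-test_"}
PEM_BEGIN = "-----BEGIN RSA PRIVATE KEY-----"
PEM_END = "-----END RSA PRIVATE KEY-----"


def check_config(cfg):
    """Return a list of problems found in a parsed config.json dict."""
    problems = []
    if cfg.get("type") != "app":
        problems.append('type: expected "app"')
    for field, allowed in PREFIXES.items():
        value = cfg.get(field)
        if not isinstance(value, str) or not value.startswith(allowed):
            problems.append(f"{field}: missing or wrong prefix")
        elif value in allowed or " " in value:  # assumption: ids have no spaces
            problems.append(f"{field}: template placeholder left in place")
    pem = cfg.get("privatekey")
    pem = pem.strip() if isinstance(pem, str) else ""
    # What remains between the markers once masking asterisks are removed.
    body = pem[len(PEM_BEGIN):-len(PEM_END)].strip("* \r\n")
    if not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END) and body):
        problems.append("privatekey: not a filled-in RSA PRIVATE KEY block")
    apikeys = cfg.get("apikeys")
    apikeys = apikeys if isinstance(apikeys, dict) else {}
    for name, prefix in KEY_PREFIXES.items():
        value = apikeys.get(name)
        if not isinstance(value, str) or not value.startswith(prefix) or value == prefix:
            problems.append(f"apikeys.{name}: missing, placeholder or wrong prefix")
    return problems


def load_config(path):
    """Load config.json; refuse files open to group/others or malformed."""
    mode = os.stat(path).st_mode  # POSIX permission bits (assumed platform)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(mode):o}, want 600")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    problems = check_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return cfg
```

Running `load_config` at service start-up makes a half-merged file or one with loose permissions fail fast instead of surfacing later as an authentication error.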