Appearance

Credentials

Your credentials are highly sensitive information and will be provided to you in an encrypted form.

If you have not yet received your credentials or need help obtaining them, please contact your Treezor Account Manager.

Info icon

Information – Credentials are environment-specific

This means you have a set of credentials for each environment, they cannot be used with one another.

API authentication credentials

These credentials are composed of a client_id integer and a client_secret string.

They allow you to initiate an OAuth 2.0 authentication process, so you can send JWT-enabled requests to the Treezor Connect API.

Lock icon

Security – Securely store your client_id and client_secret

They are confidential and sensitive; it is strictly forbidden to:

  • Hard-code these credentials (as a constant, etc.)
  • Commit these credentials in a version control system (i.e., configuration file)
  • Store, display or use those on the client side (mobile app, front end, etc.)

If these credentials were to be compromised and a revocation was to occur, you would not be able to contact the API at all, until new credentials are provided to you (within 24 hours).

Thumbs icon

Best practice – Safe storage recommendations

  • Use a secureString type in AWS SSM services (or any robust Vault system)
  • Inject them in your application environment variables at the deployment phase.

Dashboard credentials

These credentials are composed of dashboard_client_id integer and dashboard_client_secret string.

They are used to log into the Treezor Web Dashboard and cannot be used with the Treezor Connect API itself.

Webhooks

To verify the integrity of the webhooks, Treezor provided you with a webhook_secret string.

This secret is used as a salt to hash the payload of each event.

Lock icon

Security – Keep your secret string safe

If a third-party were to access this secret string, they could send you fake events and your application would trust them.

Other variables

Note icon

Note – These are not credentials

These variables can be stored with less stringent measures (you can safely store them in configuration files and environment files).

Tariff ID

tariffId is an integer that corresponds to the contract pricing (fees) concluded between Treezor and you. You have one tariff ID per environment.

Depending on your API version, the tariffId might be set API-wide, or may have to be passed along when creating each Wallet.

Card Print ID

card_print_id is an integer that corresponds to a Credit Card design (the design printed on a credit card).

You may have multiple Card designs and need to keep track of their IDs.

MID (Merchant ID)

If your contract with Treezor allows for such a feature, you will receive your Merchant ID.