Appearance

Credentials

Your credentials are very sensitive information and will be provided to you in an encrypted form.

If you have not yet received your credentials or need help obtaining them, please contact your Treezor Account Manager.

Info icon

Information – Credentials are environment-specific

This means you have a set of credentials for each environment, they cannot be used with one another.

API authentication credentials

There are composed of a client_id integer and a client_secret string.

These credentials are used to initiate an OAuth 2.0 authentication process, then allowing you to send JWT-enabled request to the Treezor Connect API.

Lock icon

Security – Securely store your client_id and client_secret

They are confidential and sensitive; it is strictly forbidden to:

  • Hard-code these credentials (as a constant, etc.)
  • Commit these credentials in a version control system (i.e., configuration file)
  • Store, display or use those on the client side (mobile app, front end, etc.)

If these credentials were to be compromised and a revocation was to occur, you would not be able to contact the API at all, until new credentials are provided to you (within 24 hours).

Thumbs icon

Best practice – Safe storage recommendations

  • Use a secureString type in AWS SSM services (or any robust Vault system)
  • Inject them in your application environment variables at the deployment phase.

Dashboard credentials

Those are composed of dashboard_client_id integer and dashboard_client_secret string.

They are used to log into the Treezor Web Dashboard and cannot be used with the Treezor Connect API itself.

Webhooks

To check the integrity of the webhooks, Treezor provided you with a webhook_secret string.

That secret is used as a salt to hash the payload of each event.

Lock icon

Security – Keep your secret string safe

If a third-party was to access this secret string, they could send you fake events and your application would trust them.

Other variables

Note icon

Note – These are not credentials

These variables can be stored with less stringent measures (you can safely store them in configuration files and environment files).

Tarrif ID

tarif_id is an integer that corresponds to the contract pricing (fees) concluded between Treezor and you. You have one Tarrif ID per environment.

Depending on your API version, the tarif_id might be set API-wide, or may have to be passed along when creating each Wallet.

Card Print ID

card_print_id is an integer that corresponds to a Credit Card design (the design printed on a credit card).

You may have multiple Card designs and need to keep track of their IDs.

MID (Merchant ID)

If your contract with Treezor allows for such a feature, you will receive your Merchant ID.