Credentials
Your credentials are very sensitive information and will be provided to you in an encrypted form.
If you have not yet received your credentials or need help obtaining them, please contact your Treezor Account Manager.
Information – Credentials are environment-specific
This means you have a set of credentials for each environment, they cannot be used with one another.
API authentication credentials
There are composed of a client_id
integer and a client_secret
string.
These credentials are used to initiate an OAuth 2.0 authentication process, then allowing you to send JWT-enabled request to the Treezor Connect API.
Security – Securely store your client_id
and client_secret
They are confidential and sensitive; it is strictly forbidden to:
- Hard-code these credentials (as a constant, etc.)
- Commit these credentials in a version control system (i.e., configuration file)
- Store, display or use those on the client side (mobile app, front end, etc.)
If these credentials were to be compromised and a revocation was to occur, you would not be able to contact the API at all, until new credentials are provided to you (within 24 hours).
Best practice – Safe storage recommendations
- Use a
secureString
type in AWS SSM services (or any robust Vault system) - Inject them in your application environment variables at the deployment phase.
Dashboard credentials
Those are composed of dashboard_client_id
integer and dashboard_client_secret
string.
They are used to log into the Treezor Web Dashboard and cannot be used with the Treezor Connect API itself.
Webhooks
To check the integrity of the webhooks, Treezor provided you with a webhook_secret
string.
That secret is used as a salt to hash the payload of each event.
Security – Keep your secret string safe
If a third-party was to access this secret string, they could send you fake events and your application would trust them.
Other variables
Note – These are not credentials
These variables can be stored with less stringent measures (you can safely store them in configuration files and environment files).
Tarrif ID
tarif_id
is an integer that corresponds to the contract pricing (fees) concluded between Treezor and you. You have one Tarrif ID per environment.
Depending on your API version, the tarif_id
might be set API-wide, or may have to be passed along when creating each Wallet.
Card Print ID
card_print_id
is an integer that corresponds to a Credit Card design (the design printed on a credit card).
You may have multiple Card designs and need to keep track of their IDs.
MID (Merchant ID)
If your contract with Treezor allows for such a feature, you will receive your Merchant ID.