Appearance
Credentials
Your credentials are highly sensitive information and will be provided to you in an encrypted form.
If you have not yet received your credentials or need help obtaining them, please contact your Treezor Account Manager.
Information – Credentials are environment-specific
This means you have a set of credentials for each environment, they cannot be used with one another.
API authentication credentials
These credentials are composed of a client_id
integer and a client_secret
string.
They allow you to initiate an OAuth 2.0 authentication process, so you can send JWT-enabled requests to the Treezor Connect API.
Security – Securely store your client_id
and client_secret
They are confidential and sensitive; it is strictly forbidden to:
- Hard-code these credentials (as a constant, etc.)
- Commit these credentials in a version control system (i.e., configuration file)
- Store, display or use those on the client side (mobile app, front end, etc.)
If these credentials were to be compromised and a revocation was to occur, you would not be able to contact the API at all, until new credentials are provided to you (within 24 hours).
Best practice – Safe storage recommendations
- Use a
secureString
type in AWS SSM services (or any robust Vault system) - Inject them in your application environment variables at the deployment phase.
Dashboard credentials
These credentials are composed of dashboard_client_id
integer and dashboard_client_secret
string.
They are used to log into the Treezor Web Dashboard and cannot be used with the Treezor Connect API itself.
Webhooks
To verify the integrity of the webhooks, Treezor provided you with a webhook_secret
string.
This secret is used as a salt to hash the payload of each event.
Security – Keep your secret string safe
If a third-party were to access this secret string, they could send you fake events and your application would trust them.
Other variables
Note – These are not credentials
These variables can be stored with less stringent measures (you can safely store them in configuration files and environment files).
Tariff ID
tariffId
is an integer that corresponds to the contract pricing (fees) concluded between Treezor and you. You have one tariff ID per environment.
Depending on your API version, the tariffId
might be set API-wide, or may have to be passed along when creating each Wallet.
Card Print ID
card_print_id
is an integer that corresponds to a Credit Card design (the design printed on a credit card).
You may have multiple Card designs and need to keep track of their IDs.
MID (Merchant ID)
If your contract with Treezor allows for such a feature, you will receive your Merchant ID.