At Astra Payments APIs we use:
OAuth 2.0
Our APIs use the OAuth authorization standard, as specified in RFC 6749.
Digital Certificates
For triggering some of our APIs, the use of Digital Certificates is required, ensuring the authenticity and integrity of information.
HTTPS
We use HTTPS (Hyper Text Transfer Protocol Secure) connection in all our APIs.
Authorization Flows
Security is very important for consuming Astra Payments APIs, so we suggest reading this document and understanding the authorization flows.
There are 2 authorization flows used for consuming Astra Payments APIs:
- Authorization Code Flow: This OAuth authorization flow requires, besides application identification, express authorization from a user (third party). This flow begins with the application directing the client to Astra Payments' OAuth graphical interface.
- Client Credentials Flow: This OAuth authorization flow used by applications, where application authorization is made, does not require express authorization from a client (user).
Trigger Endpoints
Sandbox
- OAuth2: https://api-sandbox.astrapay.com.br
- Discovery: https://api-sandbox.astrapay.com.br/oauth/v1/.well-known/openid-configuration
Production
- OAuth2: https://api.astrapay.com.br
- Discovery: https://api.astrapay.com.br/oauth/v1/.well-known/openid-configuration
Specification Documentation
You can download the Specification Document for each flow at the links below:
- Specification Document - Authorization Code Flow
- Specification Document - Client Credentials Flow