In this section, the main methods for obtaining an access token and a user token will be outlined.
Backend Access Token Generation
The Backend Access Token Generation process obtains an access token from the API, which is required to authenticate requests. To generate an access token, you need the Application ID (username) and the Application Secret (password). Upon successful authentication, the API returns an access token, its expiration time, and a refresh token. The access token must be included in the Authorization header of subsequent API requests to access protected resources. An access token can be obtained in two ways: by using the Application ID and Application Secret, or by using the refresh token.
A client token is essential for secure and personalized interactions between banks and their customers when utilizing the Concierge Service SDK. Banks integrating this SDK into their mobile applications must generate a client token to enable its functionality. This token contains crucial information about both the bank generating it and the customer using the mobile app.
There are two types of client tokens available for implementation:
Phone Number Hash-Based Token – This token is generated from the hash of the client’s financial phone number. It is expected that these phone numbers have been preloaded into the Concierge Service system via web services and identified as belonging to the bank’s clients.
Internal Client ID-Based Token – Alternatively, the token can be generated using the bank’s internal client identifier, which must be unique within the bank’s system.
All users authenticated with a client token are automatically recognized as bank clients and gain access to banking services through the Concierge Service SDK within the mobile application.
Method for retrieving a user token based on the hash of the phone number.
This method generates a Client Access Token, which is required for performing operations with user-specific data. To generate the token, a Backend Access Token is needed. The Backend Access Token is generated by a separate method and must be passed in the Authorization header of the request.
The request body must contain an array of objects. Each object should include the following fields:
Name
Type
Description
Integer
The duration in minutes for which the Client Access Token will remain valid. The value must be between 1 and 518,400 minutes.
ArrayObject
A list of objects containing information about the client's phone numbers.
Name
Type
Description
String
Phone number hash.
Boolean
Determines whether the phone number is primary or not. Only one phone number can be designated as primary.
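A client-side check of the request body before it is sent, as an added example that is not part of the original documentation: it enforces the 1 to 518,400 minute range and the single-primary rule described above. The field names (`lifetime`, `phones`, `hash`, `isPrimary`), the requirement of at least one phone entry, the raw-number heuristic and the sample hash values are assumptions, since the page gives only types and descriptions.

```python
import json
import re

# Limits stated on the page for the token lifetime, in minutes.
MIN_LIFETIME_MIN = 1
MAX_LIFETIME_MIN = 518_400  # 360 days

# Hypothetical field names: the page's table lists types and descriptions only.
F_LIFETIME, F_PHONES, F_HASH, F_PRIMARY = "lifetime", "phones", "hash", "isPrimary"

# Heuristic (assumption): a short digits-only value is a raw number, not a hash.
RAW_PHONE = re.compile(r"^\+?\d{7,15}$")


def build_client_token_entry(lifetime_minutes, phones):
    """Validate and return one object of the request-body array."""
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(lifetime_minutes, bool) or not isinstance(lifetime_minutes, int):
        raise ValueError("lifetime must be an integer number of minutes")
    if not MIN_LIFETIME_MIN <= lifetime_minutes <= MAX_LIFETIME_MIN:
        raise ValueError("lifetime must be between 1 and 518400 minutes")
    # Assumption: a phone-hash-based token needs at least one phone entry.
    if not phones:
        raise ValueError("at least one phone number hash is required")

    entries = []
    for phone_hash, is_primary in phones:
        if not isinstance(phone_hash, str) or not phone_hash.strip():
            raise ValueError("phone number hash must be a non-empty string")
        if RAW_PHONE.match(phone_hash.strip()):
            raise ValueError("value looks like an unhashed phone number")
        if not isinstance(is_primary, bool):
            raise ValueError("primary flag must be a boolean")
        entries.append({F_HASH: phone_hash.strip(), F_PRIMARY: is_primary})

    # The page allows only one phone number to be designated as primary.
    if sum(e[F_PRIMARY] for e in entries) > 1:
        raise ValueError("only one phone number can be primary")
    return {F_LIFETIME: lifetime_minutes, F_PHONES: entries}


def build_request_body(entries):
    """Serialize the array of objects the page says the body must contain."""
    return json.dumps(list(entries))


# Constructed sample values, not real hashes.
SAMPLE = build_client_token_entry(60, [("a3f1" * 16, True), ("9bc4" * 16, False)])
```

Rejecting digits-only values catches the case where a raw phone number is passed in place of its hash, which would otherwise send the number itself to the token endpoint.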
Response
Example
Method for retrieving a user token based on customer ID.
Method for Independent Service Activation by the Client
This method is used in scenarios where the bank does not perform pre-activation and does not provide prior client information. In this case, the client independently connects and activates the concierge service using the provided token type.
Process Description:
Application Scenario
This method is suitable for independent client service activation when:
The bank has not pre-activated the service.
Client information is not available in the system.
Service Activation Steps
The client initiates the activation process via the SDK, providing the necessary data for identification and service activation.