3. Authorization and Token Generation

Steps to request Authorization.

We share part of the credential and access information in an informative way. In order to take care of confidentiality, if there is hidden information with **** symbols, it can be requested from the NetPay integration area during the integration process that is taking place.

For practical purposes we will share the information to include in the Postman.

As a first step, authorization must be requested by adding the following information.

Username: trusted-app
Password: ****
Type: Basic Auth





Ask the integrations team for the password to generate the Authorization: Basic.

A Base64-encoded string representing your username and password values, appended to the text "Basic", will be passed to the API in the request headers.

If these values ​​are not visible, you can press the Hidden button positioned on the blue arrow and all the values ​​generated by Postman will be displayed automatically. The parameter that interests us is the Authorization parameter indicated by the red arrow and with a Basic type value indicated by the orange arrow that is accompanied by the encoded string of the previously added username and password that Postman automatically performs and adds ( the value that appears in the image is an example since it is required to request the password to generate it). Finally, it is important to consider when entering this value at the point of sale by code, it should be placed as {{Auth_string}} and examples for this will be presented later.




The base 64 encoded string presented in the image is an example and is not the correct value. For confidentiality and security issues, this value can be generated with the Username and Password of the authorization. If you do not wish to generate it, you can also request it from the NetPay integrations team to provide them during the integration process.

Steps to generate Access Token.

In order to carry out a sale, reprint or cancellation, it is first necessary to request authorization from the services by querying the server and obtaining an access token or access_token. The authorization service used is OAuth 2.0, which allows an application to be authorized in a standard, easy and secure way.

To obtain an access_token it is necessary to have the following data:

  • {{Auth_string}} : Encrypted text string sent in the request headers.
  • {{grant_type}} : This is how an application obtains an access_token.
  • {{username}} : user to request an access_token.
  • {{password}} : password to request an access_token.

2.1 Structure of a request.

POST http://nubeqa.netpay.com.mx:3334/oauth-service/oauth/token


Content-TypeTwo-part identifier for file formats transmitted over the Internet.stringapplication/x-www-form-urlencodedtrue
AuthorizationHTTP authentication scheme.stringBasic {Auth_string}true


  • grant_type={{grant_type}}&username={{username}}&password={{password}}
grant_typeMétodo a través del cuál la aplicación obtiene acceso.string15true
usernameUsuario para solicitar token de acceso.string20true
passwordContraseña del usuario para solicitar token de acceso.string20true



Ask the integrations team for the username and password to generate the access token.

2.2 Example request / response.

Below are examples in different programming languages ​​to make a request to request the access_token for the first time.