How do I manage client credentials for different environments?


You will receive client-id and client-secret for sandbox and production environments. In both sandbox and production, you have the same client-id, but the client-secret is not the same in sandbox and in production. 

Once you've tested in sandbox environment, you'll receive client-id and client-secret for production in a password protected zip file. That is the only thing you need to go through the OpenID processes.

You will only need to administrate the following:

  • 1 client-secret for sandbox
  • 1 client-secret for production
  • The same client-id for both environments 

Obtaining tokens:

Once the access token expires, then you can use the refresh token to obtain a new access token. You can do this without merchant involvement. The refresh token expires after 13 months. 

You get a new refresh token through the following endpoint: