Authentication and Authorisation
What is the difference between refresh and access tokens?
Access tokens are temporary credentials that grant access to a protected resource, while refresh tokens are used to obtain new access tokens once the current ones expire.When a user logs in to their Teya account and authorizes an application, they are granted an access token and a refresh token. The
How do I get API keys or tokens?
To obtain API keys or tokens, you first need to apply for an account on our platform. Once your account is approved, you can create OAuth applications which will provide you with client IDs and client secrets. These credentials will enable you to make API requests and access resources on behalf of y
Teya ID for Partners
Introduction to Teya IDTeya ID identifies and authenticates all users across the Teya ecosystem. It ensures:Identification: Using Teya ID, you can identify any user interacting with our products and recognize returning users.Authentication: Teya ID is the only user authentication provider via single
How do the authentication and authorisation of API endpoints work (e.g., API keys, OAuth, etc.)?
At Teya, we use the OAuth 2.0 protocol for authentication, which is a widely adopted industry-standard protocol for secure authorization. The OAuth 2.0 protocol enables client applications to access protected resources on behalf of a resource owner, such as a user or device.To use OAuth 2.0 with our
Can you clarify the different OAuth grant types and when to use each one?
Authorization Code Flow with PKCE is an enhanced version of the standard Authorization Code Grant, providing better security for public clients like mobile apps and SPAs. Device Code Flow is designed for input-constrained devices, allowing users to authorize these devices using another device with b
Can you give an example of user authentication using the POSLink use case?
Let's say you're a merchant using an ePOS application that supports the call-back URL flow. You want to authenticate your Teya ID with POSLink so you can process payments through Teya. Here are the steps you would take:Click on the settings page within your ePOS applicationSelect "Integrate with Tey
How can I keep my API keys and tokens secure?
Keeping your API keys and tokens secure is essential to protect your data and systems from unauthorized access or malicious attacks. To ensure their safety, always store them in a secure location and limit access and scope to only those who need it. When making API calls, use HTTPS to encrypt the da
What is a redirect URL?
A redirect URL is used in OAuth 2.0 to redirect users to an application after they grant permission to access their account. Specifically, this URL is used in the authorization code flow with PKCE, which is an enhanced security method to prevent authorization code interception attacks. In this flow,
What is OAuth and why it’s being used?
As mentioned in the previous question, we use the OAuth 2.0 protocol for the authentication and authorization of our endpoints. OAuth is an open standard for authorization that allows third-party applications to access a user's data without the need for the user's credentials. In simpler t