Learn how to ensure secure access to Nomba API Resources.
access_token from the Nomba API Server, providing a framework for secure and efficient interactions with our platform. Within this protocol, two distinct processes, namely the Client-credentials flow and the PKCE flow, offer versatile approaches to acquiring the access_token.
Initiation of Token Request
Token request initiation
Token Issuance by Nomba
access_token accompanied by a refresh_token. These tokens empower the merchant’s server to make authorized API calls on behalf of the client.
Refreshing your access_token
Client Generates Code Verifier and Code Challenge
code_verifier. From this code_verifier, the client then computes a code_challenge. Typically, the code_challenge is the Base64-encoded SHA256 hash of the code_verifier, as specified in Page 17 of RFC 7636.
Client Sends Code Challenge to Authorize Endpoint
code_challenge when making a request to the PKCE authorization endpoint of the Nomba API. This is part of the initial step in the OAuth 2.0 authorization process.
Nomba Returns Auth Code
auth_code. The auth_code serves as a temporary authorization code that the client will exchange for an access_token.
Client Calls IssueToken Endpoint
auth_code and the original code_verifier.
Nomba Verifies auth code, Code Verifier and Issues Tokens
code_verifier matches the code_challenge associated with the auth_code. If the verification is successful, Nomba issues the requested access_token along with a refresh_token.
code_verifier is required during the token exchange.
PKCE flow
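The client-side and server-side halves of the PKCE check described in the steps above, as an added example (not Nomba's code). It uses the S256 method from RFC 7636, where the SHA256 hash is base64url-encoded without "=" padding; the function names are hypothetical and no Nomba endpoint is called.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy code_verifier drawn from the OS CSPRNG."""
    if not 32 <= n_bytes <= 96:  # 32 bytes -> 43 chars, 96 bytes -> 128 chars
        raise ValueError("n_bytes must be between 32 and 96")
    raw = secrets.token_bytes(n_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_challenge(code_verifier: str) -> str:
    """Client side: S256 challenge = BASE64URL(SHA256(ASCII(verifier)))."""
    if not _VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier violates RFC 7636 length/charset rules")
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    # URL-safe alphabet, padding stripped: plain Base64 would not match.
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side: recompute the challenge and compare in constant time."""
    try:
        recomputed = make_code_challenge(presented_verifier)
    except ValueError:
        return False  # malformed verifier is rejected, never hashed
    return hmac.compare_digest(recomputed.encode(), stored_challenge.encode())


if __name__ == "__main__":
    verifier = make_code_verifier()            # kept private until the token exchange
    challenge = make_code_challenge(verifier)  # sent with the authorization request
    print("code_verifier :", verifier)
    print("code_challenge:", challenge)
    print("verified      :", verify_pkce(challenge, verifier))
```

The code_verifier should be generated fresh for every authorization request and stored only until the token exchange completes.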