...OperationsMerchant ProfileAuthentication

Authentication

Access Token (OAuth 2.0)

URLs

Environment	URL
Non-production	https://api.reports.uat.inet.paynet.my/token
Production	https://api.reports.paynet.my/token

Parameters

Position	Parameter	Possible Value / Format	Sample Value
header	Accept	always “application/json”	application/json
	Content-Type	always “application/x-www-form-urlencoded”	application/x-www-form-urlencoded
data	grant_type	always “client_credentials”	client_credentials
	client_id	client identifier	client_123456789
	client_secret	client secret	secret_abcdefghijklmnop

Sample Request

curl --request POST \
  --url https://api.reports.uat.inet.paynet.my/token \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=client_123456789 \
  --data client_secret=secret_abcdefghijklmnop

Sample Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600
}

info

The access token received from the authorization server will last for 1 hour. Once the token expires, you'll need to request a new token by repeating the same authentication process. (Subject to change)

Signature

info

This is only applicable to endpoints requiring X-Signature header.

Sample code to generate signature based on timestamp and client secret.

import hmac
import hashlib
import time

def generate_x_signature(timestamp: str, client_secret: str) -> str:
  # Convert the timestamp and secret key to bytes
  timestamp_bytes = timestamp.encode('utf-8')
  client_secret_bytes = client_secret.encode('utf-8')

  # Generate the HMAC-SHA256 signature
  signature = hmac.new(client_secret_bytes, timestamp_bytes, hashlib.sha256).hexdigest()
  return signature

# Example usage
# Generate the current timestamp as a string

timestamp = str(int(time.time()))
client_secret = "my_client_secret"

x_signature = generate_x_signature(timestamp, client_secret)
print("X-Timestamp:", timestamp)
print("X-Signature:", x_signature)

• Access Token (OAuth 2.0)
  • URLs
  • Parameters
  • Sample Request
  • Sample Response
• Signature
  • Sample code to generate signature based on timestamp and client secret.