Authentication¶
Treazure Cloud API's authenticate with OAuth2.0 bearer/JWT token.
Well known configuration is available here: https://my-tenant.posengine.treazure-test.cloud/identity/.well-known/openid-configuration
The token endpoint is: https://my-tenant.posengine.treazure-test.cloud/identity/connect/token
Hint
Do not forget to replace my-tenant with your actual tenant prefix.
API Client management¶
API Clients are managed by Cow Hills. Such clients have a client id, client secret and one or more values for scope;
An API Client has only 1 secret. This secret cannot be retrieved once it has been issued. It is possible to reset the secret, but that will invalidate previous secrets.
Token lifetime¶
By default an issued token is valid for 1 hour. It is not possible to refresh the token so a new token has to be requested on expiry.
Please keep a safe margin, e.g. replace the token after 55 minutes.
Tokens and HA (High Availability)¶
Treazure runs on multiple physical environments in HA setup. JWT tokens issued by Treazure are valid on every such environment. So in case of failover to different region/data center the JWT token remains operational.
Scopes¶
| Scope | Usage for | Usage by |
|---|---|---|
| api_switch | Frontoffice giftcards, coupons, payment providers | Frontoffice |
| api_shopnotification | Posting shop notifications | Backoffice |
| api_employeeput | Employee maintenance | Backoffice |
| api_employeediscount | Employee discount balance redemption | Frontoffice |
| api_couponmanagement | Coupon management | Backoffice |
| api_loyaltyvault | Loyalty Vault | Front office |
| api_transport | Accessing RosExporter export files | Backoffice |
| api_promo | For accessing Treazure Promo for one specific chain. Multiple chains require multiple clients. | Frontoffice |
| api_dataprojector | For connecting TreazureBridge to Treazure Cloud | Cow Hills Treazure Enterprise |
| api_digitalreceipt | Posting sale transactions for Digital Receipt processing by RosExporter | Cow Hills Treazure Enterprise |