Authenticate your Hosted Fields session

To authenticate your access to our gateway, you must include a session token every time you run the Hosted Fields script on your webpage. The following constraints apply to session tokens:
  • A session token expires after 10 minutes.
  • You can use a session token only once for each instance of Hosted Fields.

Integration steps

Step 1. Generate a Bearer token.
Step 2. Generate a session token from the Bearer token.
Step 2a. (Optional) Generate a session token to update a secure token.

Before you begin

Headers

To create the header of each POST request, you must include the following parameters:
  • Content-Type: Include application/json as the value for this parameter.
  • Authorization: Include your Bearer token in this parameter.
  • Idempotency-Key: Include a UUID v4 to make the request idempotent.
curl
-H "Content-Type: application/json"
-H "Authorization: Bearer <access token>"
-H "Idempotency-Key: <UUID v4>"

Errors

If your request is unsuccessful, we return an error. For more information about errors, see Errors.

Step 1. Generate a Bearer token

Use our Identity Service to generate a Bearer token to include in the header of your requests. To generate your Bearer token, include your API key in the x-api-key parameter in the header of a POST request, and then send it to our Identity Service.
Test endpoint: https://identity.uat.payroc.com/authorize
Production endpoint: https://identity.payroc.com/authorize
You need to generate a new Bearer token before the previous Bearer token expires.

Example request

curl --location --request POST 'https://identity.payroc.com/authorize' --header 'x-api-key: <api key>'

Example response

If your request is successful, we return a response that contains your Bearer token, information about its scope, and when it expires.
{
  "access_token": "eyJhbGc....adQssw5c",
  "expires_in": 3600,
  "scope": "service_a service_b",
  "token_type": "Bearer"
}

Step 2. Generate a session token from the Bearer token

You must generate a new session token for each instance of Hosted Fields. When you generate a session token, you need to specify the version of the Hosted Fields JavaScript library that you are using.
Version              Notes
1.3.0.135534         Current production version
1.2.0-beta.135020    Current test version
The version number is in the script tag of the config object.
To generate a session token, send a POST request to our Processing Terminals endpoint.
Test endpoint: https://api.uat.payroc.com/v1/processing-terminals/{processingTerminalId}/hosted-fields-sessions
Production endpoint: https://api.payroc.com/v1/processing-terminals/{processingTerminalId}/hosted-fields-sessions

Step 2a. (Optional) Generate a session token to update a secure token

If you want to update a secure token, you also need to include the secureTokenId of the secure token that you want to update.

Request parameters

To create the body of your request, use the following parameters:

Path parameters

Header parameters

Body parameters

Example request

curl --request POST \
--url https://api.payroc.com/v1/processing-terminals/1234001/hosted-fields-sessions \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--header 'Idempotency-Key: 8e03978e-40d5-43e8-bc93-6894a57f9324' \
--data '{"libVersion":"1.1.0.123456","scenario":"payment"}'

Response fields

If your request is successful, our gateway creates a session token. The response contains the following fields:

Response Schema

Status Code 201

Successful request. We created the session and returned a session token.
Response headers
Response body

Example response

application/json
{
  "processingTerminalId": "1234001",
  "token": "abcdef1234567890abcdef1234567890",
  "expiresAt": "2025-07-02T15:30:00.000+02:00"
}
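
Server-side sketch of Steps 1 and 2, added here as an example and not taken from Payroc's own code: it reuses the Bearer token until shortly before it expires, requests a new session token with a new Idempotency-Key for every Hosted Fields instance, and checks expiresAt before a token is handed to the page. The names HostedFieldsAuth, http_post and session_is_fresh and the 60-second renewal margin are assumptions; the endpoints, headers and body fields are the ones shown above.

```python
import json
import time
import uuid
import urllib.request
from datetime import datetime, timezone

# Test endpoints quoted on this page; class and function names below are hypothetical.
IDENTITY_URL = "https://identity.uat.payroc.com/authorize"
SESSIONS_URL = "https://api.uat.payroc.com/v1/processing-terminals/{}/hosted-fields-sessions"

def http_post(url, headers, body=None):
    """Default transport: send a JSON POST and decode the JSON response."""
    data = json.dumps(body).encode() if body is not None else b""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class HostedFieldsAuth:
    """Reuses the Bearer token until it nears expiry; never reuses a session token."""

    def __init__(self, api_key, terminal_id, post=http_post, clock=time.time, margin=60):
        self.api_key, self.terminal_id = api_key, terminal_id
        self.post, self.clock, self.margin = post, clock, margin
        self._bearer, self._bearer_expiry = None, 0.0

    def bearer(self):
        # Step 1: renew `margin` seconds before the previous Bearer token expires.
        if self._bearer is None or self.clock() >= self._bearer_expiry - self.margin:
            reply = self.post(IDENTITY_URL, {"x-api-key": self.api_key})
            self._bearer = reply["access_token"]
            self._bearer_expiry = self.clock() + reply["expires_in"]
        return self._bearer

    def new_session(self, lib_version, scenario="payment"):
        # Step 2: one request per Hosted Fields instance, each with its own UUID v4.
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + self.bearer(),
            "Idempotency-Key": str(uuid.uuid4()),
        }
        body = {"libVersion": lib_version, "scenario": scenario}
        reply = self.post(SESSIONS_URL.format(self.terminal_id), headers, body)
        return reply["token"], reply["expiresAt"]

def session_is_fresh(expires_at, now=None):
    """True while the session token has not reached its expiresAt timestamp."""
    now = now or datetime.now(timezone.utc)
    return now < datetime.fromisoformat(expires_at)
```

Passing a fake post callable and clock lets you exercise the renewal and per-instance behaviour without contacting the gateway.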