Every OAuth access token has a scope. Scopes limit the access you have to your customer's account resources.
Currently, you can't change the scope of an existing OAuth client. If you have an access token with a given scope, but want to make API requests outside that scope, you need to register a new OAuth client and request access to your customer's account resources.
The following scopes are available:
- Viewing webhooks
- Viewing and editing webhooks
- Make online payments
- Tokenize payment details
- Handle raw card data
- Manage payment links
- Modify account settings
Viewing webhooks
Scope identifier: psp.webhook:read
Lets you view webhook configurations for your customer's merchant account.
Gives access to the following Management API requests:
- GET /merchants/{merchantId}/webhooks
- GET /merchants/{merchantId}/webhooks/{webhookId}
- POST /merchants/{merchantId}/webhooks/{webhookId}/test
Viewing and editing webhooks
Scope identifier: psp.webhook:write
Lets you view, create, edit, and delete webhook configurations for your customer's merchant account.
Gives access to the following Management API requests:
- GET /merchants/{merchantId}/webhooks
- GET /merchants/{merchantId}/webhooks/{webhookId}
- POST /merchants/{merchantId}/webhooks/{webhookId}/test
- POST
/merchants/{merchantId}/webhooks - PATCH
/merchants/{merchantId}/webhooks/{webhookId} - DELETE
/merchants/{merchantId}/webhooks/{webhookId}
Make online payments
Scope identifier: psp.onlinepayment:write
Lets you process online payments on behalf of your customer.
This scope does not let you:
Request these scopes separately.
Gives access to the following Management API requests:
- POST
/me/allowedOrigins - POST
/me/generateClientKey
Gives access to the following Checkout API request groups:
- Payments
- Modifications
- Recurring (only GET
/storedPaymentMethods). Requires Checkout v70. - Orders
- Utility
- Classic Checkout SDK
Integrating online payments using OAuth
When integrating online payments using OAuth, remember that OAuth is simply an alternative method of authenticating API requests. This means all our online payments documentation still applies.
However, because OAuth doesn't grant you access to your customers' Customer Area, you can only set up the resources for client-side authentication through our APIs, outlined in the step below:
Step 1: Add allowed origins
Allowed origins are domains from which you make client-side requests. This means you need to add the domains on which you're accepting payments as allowed origins. To do so, make a POST request to the
/me/allowedOrigins
endpoint.
Step 2: Generate a client key
When using Components or Drop-in to accept payments online, you need a client key for client-side authentication.
To generate your client key, make a POST request to the /me/generateClientKey endpoint:
| Parameter name | Required | Description |
|---|---|---|
| ADYEN_MANAGEMENT_API_BASE_URL |  |
The base URL of the Management API:
|
curl --request POST 'https://{ADYEN_MANAGEMENT_API_BASE_URL}/v3/me/generateClientKey' \
--header 'Authorization: Bearer {ACCESS_TOKEN}' \
--header 'Content-Type: application/json'Step 3: Retrieve your URL prefix
The URLs of our payment APIs have account-specific prefixes for our live environment. To make API requests to process payments on behalf of your customer, you need their account-specific prefix.
To retrieve your customer's account-specific, make a GET request to the
/merchants/{merchantId}
endpoint. In the response, the livePrefix is in the dataCenters array:
The merchantId that you need to pass as a query parameter can be found in the response of code exchange for accounts.
[...]
"dataCenters": [
{
"name": "",
"livePrefix": ""
}
],
[...]Tokenize payment details
Scope identifier: psp.onlinepayment.tokenization:write
Extends the functionality of the psp.onlinepayment:write scope by letting you tokenize a shopper's payment details to process recurring payments.
Furthermore, the scope gives you access to the Recurring requests of the Checkout API, which let you list and delete stored tokens.
This scope does not let you tokenize payment details through the Recurring API.
Handle raw card data
Scope identifier: psp.rawcarddata:write
Extends the functionality of the psp.onlinepayment:write scope by enabling you to submit raw card data.
This scope is disabled by default and requires PCI-DSS Self-Assessment Questionnaire D. To enable, contact your account manager.
Manage payment links
Scope identifier: psp:paybylink:write
Lets you create and update payment links.
To tokenize a shopper's payment details using payment link, you need also need:
- Tokenize payment details scope
- Make online payments scope
In case you want to tokenize your shopper's payment details, you need the scope psp.onlinepayment.tokenization:write and psp.onlinepayment:write in order to make subsequent recurring payments.
Modify account settings
Scope identifier: psp.accountsettings:write
Lets you modify merchant account settings.
Gives access to the following API request:
- GET
/merchants/{merchantId}