Authentication (Introducers)

Authorised users (e.g. administrators via the FlipPay web interface) on an Introducer account can create “API user” and/or “web user” accounts:

  • Each "API user" account contains its own credentials (a token), and can only access FlipPay via API services (e.g. cannot log in via web)
  • Each "web user" account contains its own credentials, and can only access FlipPay via the web interface, specifically the Introducer portal (e.g. cannot make API requests)

In every API request, API users must present a valid bearer token AND a valid merchant ID identifying the Merchant account the request is to be enacted on.

Introducers will typically create a single API user account, which will authenticate with its token and provide the merchant ID for the Merchant the request is coming from.

Introducers can only create payment requests via API, and on Merchant accounts where a link between the Merchant and Introducer already exists.

Introducers send “link requests” to Merchant accounts, which are presented within a Merchant account for authorised Merchant users to accept/decline. Once accepted, the Merchant and Introducer accounts are linked, and payment requests can be created on the Merchant account by the Introducer. Merchants control this link - it is accepted, declined or removed within the Merchant portal, by authorised Merchant users.

When an Introducer authenticates using their API user token and provides a merchant ID with a validly formed API request, FlipPay will check if a link exists between the Merchant and Introducer. If a link exists, the request will be enacted on the Merchant account. If no link exists, the request will return an error confirming no link exists.

Introducer "API user" accounts have access to all objects they have created on a linked Merchant account.
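
The decision sequence described above (token check, then Merchant link check, then access limited to objects the API user created) can be modelled as follows. This is an added illustrative sketch, not FlipPay's implementation: the data store, identifiers, reason strings and the "pending" link state are all hypothetical.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Store:  # constructed in-memory stand-in for platform data (hypothetical)
    api_tokens: dict = field(default_factory=dict)  # token -> (api_user, introducer)
    links: dict = field(default_factory=dict)       # (introducer, merchant_id) -> state
    objects: dict = field(default_factory=dict)     # object_id -> (merchant_id, creator)

def authenticate(store, bearer_token):
    """Return (api_user, introducer) for a known token, else None."""
    presented = (bearer_token or "").encode()
    for token, identity in store.api_tokens.items():
        # Constant-time comparison avoids leaking token prefixes via timing.
        if hmac.compare_digest(token.encode(), presented):
            return identity
    return None

def authorize(store, bearer_token, merchant_id, object_id=None):
    """Decide one API request; returns (allowed, reason). Denies by default."""
    identity = authenticate(store, bearer_token)
    if identity is None:
        return False, "invalid_token"
    api_user, introducer = identity
    # Only a link the Merchant has accepted counts; a pending, declined
    # or removed link is treated exactly like no link at all.
    if store.links.get((introducer, merchant_id)) != "accepted":
        return False, "no_link"
    if object_id is not None:
        # The object must sit on this Merchant AND have been created by this API user.
        if store.objects.get(object_id) != (merchant_id, api_user):
            return False, "object_not_accessible"
    return True, "ok"

def demo_store():
    """Constructed sample data: one Introducer, two Merchants, two objects."""
    s = Store()
    s.api_tokens["tok-constructed-A"] = ("apiuser-1", "introducer-1")
    s.links[("introducer-1", "merchant-10")] = "accepted"
    s.links[("introducer-1", "merchant-20")] = "pending"
    s.objects["pr-1"] = ("merchant-10", "apiuser-1")        # created by the Introducer
    s.objects["pr-2"] = ("merchant-10", "merchant-user-7")  # created by the Merchant
    return s
```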