Authorised users (e.g. administrators via FlipPay web interface) on a Merchant account can create “API user” and/or “web user” accounts:
- Each "API user" account contains it’s own credentials (a token), and can only access FlipPay via API services (e.g. cannot login via web)
- Each Web user account contains it’s own credentials, and can only access FlipPay via the web interface (e.g. cannot make API requests)
In every API request, API users must present a valid bearer token AND a valid merchant ID to enact the request on.
Merchants may create multiple "API user" accounts, which can be separately applied to different 3rd party systems that are to be integrated directly to the Merchant's FlipPay account. Each user will authenticate with it's own token, and provide the same merchant ID for the Merchant account.
Merchant "API user" accounts have access to all objects on their Merchant account.
Merchants should consider how to apply access controls within external integrated systems and the configuration options within FlipPay, if you wish to tightly manage user access to payment requests across integrated systems.