The Grant API uses OAuth to connect a granting Braintree merchant and a receiving Braintree merchant.
Once the recipient goes through these flows and consents to receiving granted payment methods, the grantor will receive an access_token. This token contains encoded information about the recipient, information to the Grant API connection, and the actions the grantor can take on the recipient's behalf.
To use the Grant API with the recipient, the access_token must include the right to grant payment methods to that merchant. When setting the connect_url, the grantor must include the OAuth scope grant_payment_method.
The recipient can search for any transactions they've created using granted payment methods, but in order for the grantor to access this data, the access_token must include the right to search facilitated transactions. As the grantor, be sure to include the OAuth scope read_facilitated_transactions, in addition to grant_payment_method, when setting the connect_url.
Next Page: Search →