Authorization

All Client API requests must include an authorizationFingerprint parameter that authorizes action. For example, to authorize a request to get a list of payment methods:

Bash

curl -G https://api.braintreegateway.com/merchants/MERCHANT_ID/client_api/v1/payment_methods \
  --data-urlencode 'authorizationFingerprint=AUTHORIZATION_FINGERPRINT'

The authorization fingerprint is a signed collection of the merchant's public ID and values specified during client token generation.

Get an Authorization Fingerprint

The authorization fingerprint is a string included in the Client Token returned by the Client Token: Generate method. See Generate a Client Token for details on obtaining a client token. Client tokens are JSON-encoded data. For client token versions 2 and up, the JSON string is base64-encoded. The contents of a decoded and parsed client token vary by what version was requested. At its most minimal, it contains an authorizationFingerprint field:

JSON

{
  "authorizationFingerprint": "AUTHORIZATION_FINGERPRINT",
  "version": 3,
  "configUrl": ""
}