Disconnecting merchants

Before you can deauthorize an OAuth application, you must use the OAuth client credentials flow to request an access_token. This access_token will provide you access to the necessary API resources. This is not the same OAuth flow that’s used for the Connect button for current merchants.

Generate an access token with the client credentials grant type

Configure your OAuth client library to use the following values:

OAuth Client ID (from your partner OAuth application)
OAuth Secret (from your partner OAuth application)
Scope: tenant
Grant Type: client_credentials

Your OAuth client library should provide a convenient way to send a POST request with the these parameters to the https://api.affinipay.com/oauth/token endpoint:

Request access token with client credentials grant type

curl -X POST -H "Content-Type:application/json" https://api.affinipay.com/oauth/token -d '
{
  "client_id":"Y4QLWPO6wZag2ia8Abw7nbeLUAOgebDlfZGF1KyzgBaqAllzMtYFfP58jRxg5rp5",
  "client_secret":"4EG357enIs4m2SWKi9yfC3fQzIeOZmBTWr96ay47tqN4GUtRPYrWwxwCxwlZJbiC",
  "grant_type":"client_credentials",
  "scope":"tenant"
}'

Example response

{
  "access_token":"IE83NL7SEGbLxT8UBWww78CSREhLsg5Yhf5fFu8znSpPh2BbBMvXPyQkZx5BU10C",
  "token_type":"bearer",
  "scope":"tenant",
  "created_at":1550789541
}

Use this access token to deauthorize the partner OAuth application.

Disconnect the merchant

Disconnecting a merchant (which is technically revoking authorization to use a partner OAuth application from the specified AffiniPay merchant account) requires:

public_key. The unique identifier for the AffiniPay merchant account.
access_token. The access token with client credentials grant type.

Deauthorize partner OAuth application

curl -X DELETE -H "Authorization: Bearer <access_token>" https://secure.affinipay.com/api/v1/merchants/{public_key}/deauthorize_application

This request returns an HTTP 200 OK status code and an empty response body when successful.