• France
status page
Demo shops
assistance
FAQContact support
Search
Categories
Tags
Europe (English)
France
Spain
Europe (English)
India
Homepage
Use cases
Create a payment
Create an installment payment
Create a multi-card (split) payment
Create a payment by Alias (Token)
Create a payment link
Create a recurring payment
Manage subscriptions
Manage your transactions (refund, cancel...)
Analyze your reports
API docs
Embedded Form
REST API
Hosted payment
Mobile payment
File exchange
SDD mandates by REST API
Snippets
Payment methods
Plugins
Marketplace
Guides
Merchant Back Office
Back Office Expert
Functional guides

Authenticate

Authentication is in OAuth2 mode. You must have a technical account to access the Merchant Back Office.

  1. Sign in to the Merchant Back Office with your own login details.
  2. At the top right of the screen, open the drop-down menu under your name, and click Settings.
  3. Click on the API Key tab to retrieve your keys for the test and production environments.
  4. To generate an access token, make a request POST request to the following address:

    https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/token

    This is the same address for both environments.

  5. Use the following parameters in format application/x-www-form-urlencoded :
    • grant_type:client_credentials
    • client_id:<CLIENT_ID>
    • client_secret:<CLIENT_SECRET>
  6. You can now create a query to retrieve the information from your test marketplace. To do so:
    • Copy the authentication token (access_token) into the Authorization header: Bearer {access_token}
    • Send your request to the environment address

      https://secure.lyra.om/marketplace-test/v1/marketplaces/{marketplace_uuid}

      Example:

      https://secure.lyra.com/marketplace-test/v1/marketplaces/57595c55-b096-41d8-9287-b98640de3f25

     The authentication token has a lifetime of 5 minutes, and note that the refresh token is not used in the marketplace.

    You must set up a method for retrieving a new token at no more than every 300 seconds (see PHP example below).

    A request submitted with an expired authentication token will be rejected with an HTTP 307 code.

    Example of obtaining the authentication token in PHP

    <?php
require 'vendor/autoload.php';
use GuzzleHttp\Client;
$MARKETPLACE_UUID = "57595c55-b096-41d8-9287-b98640de3f25";
$USERNAME = 'ksparkles';
$CLIENT_ID = $USERNAME."_".$MARKETPLACE_UUID;
$CLIENT_SECRET = "e0d999f6-01d8-4ef9-8f9b-0fc5fa08f1a5";
$AUTH_URL = "https://account.lyra.com/auth/realms/marketplace/protocol/openid-connect/";
$API_URL = "https://secure.lyra.com/marketplace-test/v1/";
session_start();
function getAccessToken() {
    global $AUTH_URL, $CLIENT_ID, $CLIENT_SECRET;
    $expire_next = $_SESSION['expires_next'];
    if (!$_SESSION['token'] || !$expire_next || time() >= $expire_next - 2) {
        $client = new Client(["base_uri" => $AUTH_URL]);
        $response = $client->request('POST', 'token',
            ['form_params' => [
                'grant_type' => 'client_credentials',
                'client_id' => $CLIENT_ID,
                'client_secret' => $CLIENT_SECRET
            ]]
        );
        $body = $response->getBody();
        $data = json_decode($body->getContents());
        $_SESSION['token'] = $data->access_token;
        $_SESSION['expires_next']= time() + $data->expires_in;
    }
    return $_SESSION['token'];
}
function getMarketplaceDetails() {
    global $API_URL, $MARKETPLACE_UUID;
    $token = getAccessToken();
    $client = new Client(["base_uri" => $API_URL]);
    $response = $client->request('GET', "marketplaces/$MARKETPLACE_UUID",
        ['headers' => ['Authorization' => "Bearer $token"]]
    );
    $body = $response->getBody();
    return $body->getContents();
}
echo getMarketplaceDetails();
Jobs
Legal
GDPR
25.18-1.11